Skip to content

Instantly share code, notes, and snippets.

@xriss
Last active Jun 30, 2016
Embed
What would you like to do?
Use ssh to run a socks proxy, locked down by IP, probably running on a NAT VPS.
# Use ssh to run a socks proxy, locked down by IP, probably running on a NAT VPS.
# note that this script shouid be run inside byobu for longterm proxying
# beware that you will need to stop and then run this script again if your IP changes.
# the port to share on must be in valid range for your nat vps
# use this combined with the public ip to connect a browser to this socks server
PORT=1001
# find your public ip here-> https://www.google.com/search?q=what+is+my+ip
# pass it in as the first argument to this script, or hardcode it here.
MYIP=$1
# on a nat vps this is not going to be 22, so set it correctly for your machine
SSHPORT=22
# protect the port, so only people from your IP can connect to it VERY IMPORTANT!
# this resets old iptables junk
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# this adds a new chain which will only allow connections from #MYIP
iptables -X xxx
iptables -N xxx # create a new chain
iptables -A xxx --src $MYIP -j ACCEPT # who to allow
iptables -A xxx -j DROP
iptables -I INPUT -m tcp -p tcp --dport $PORT -j xxx
# use ssh to connect back into ourselves and start a proxy server at the same time (HAXTBH)
# this may ask for a password, use " ssh-copy-id root@localhost " to stop it doing that
ssh -p $SSHPORT -D *:$PORT root@localhost "bash"
# type exit in that new connection to shut this proxy down
# this makes it easier to control than having it run a proxy headless
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment