Neil Turner's Blog

Blogging about technology and randomness since 2002

SOCKS Port Forwarding

The university has an electronic document management system, whereby documents can be stored centrally and checked out by staff to be modified and then checked back in again. A bit like CVS, I suppose.

In it are the past exams papers for all module exams from the past 4 (or so) years, and recently students have been encouraged to log in and download copies of the papers to help them revise. However, the server that houses the repository is only accessible from within the university – I’m guessing it filters IP addresses such that only those from the university’s subnet are allowed access. Fine if you’re using a cluster machine or in a hall of residence, but not so good for people like me.

However, the university are kind enough to give us shell accounts on a couple of servers that can be accessed using SSH. You can probably still use Telnet to access them too, but, yeah. So it’s a relatively simple task of setting up an SSH tunnel to one of these servers and then setting your browser to use a SOCKS proxy.

On a Unixish (Linux, Mac OS X etc.) machine, all you need to do is open a Terminal window and type ‘ssh -D [port] [hostname]‘ where [port] is some number greater than 1024 that doesn’t conflict with something else and [hostname] is the computer you’re connecting to, then in your web browser, set it to use a proxy server called ‘localhost’ on the port that you specified.

On Windows, you need to download PuTTY. Install it and run it, type in the hostname of the server, then switch the the Tunnels tab (under Connection –> SSH) and select the ‘Dynamic’ radio button. Then type the port number in Source, leaving Destination blank, and connect. Note that you will need a relatively recent version of PuTTY as older versions do not support SOCKS, but then old versions also have nasty security flaws so you shouldn’t be using them anyway.

This was mostly for my own reference but hopefully someone reading this will find it useful. I doubt I’ll need to use this again until the next round of exams in May since most university systems are accessible outside with the correct login credentials, but this seems to be the exception.


  1. You could also port-forward to any of the web proxies that many departments run and do it that way which would have the benefit of not generating any local dns traffic.
    You’ll also find that the Apple web store will only give you the student prices if you are connecting from a known academic network, so it’s useful there too.
    Personally though I found it more usefull to do it the other way round, Firefox and Putty from within the university to avoid their filtering and monitoring.

  2. port forwarding and ssh-agent have been around for many years. In the good old days you could just run SLIP via a telnet connection…

  3. Which ssh server do you use for this? I’ve tried both linux1 and muser as ssh servers with dynamic tunnels from both windows and linux, and neither would seem to let me proxy

  4. I’ve solved my problems with the forwarding. It was firefox causing problems. When I removed from addresses not to proxy, and used that as my localhost ip, then it seemed to start using the socks proxy via ssh tunnel. Thanks for help Neil.