*   \   &   ©   |   /   * *   \   &   ©   |   /   * *   \   &   ©   |   /   * *   \   &   ©   |   /   * *   \   &   ©   |   /   *

JTunnel

Easily proxy your Internet traffic over encrypted SSH tunnels, or even using more exotic packet routing techniques like IP-over-DNS, -ICMP, and -HTTPS.

This software has been successfully used to route past the Great Firewall of China, as well as censorware used by corporations and government agencies in the United States.

Downloads

Usage

  • Edit the script with a text editor to set the “user” and “host” variables.
  • Set auto-proxy config settings as appropriate, or set manually…
  • Manual proxy settings: “SOCKS” on “localhost” port 9911 — make sure HTTP proxy, FTP proxy, etc. are left blank (in Firefox)
  • The Windows script will automatically set your Internet Explorer proxy settings, but IE must be closed before running the BAT.
  • Close IE and exit jtunnel.bat for your previous settings to be restored.

Details

The basic magic of jtunnel is just dynamic ssh port forwarding, (SOCKS). One can also use local forwarding and an HTTP proxy (detailed below)

ssh -v -C -N -f -D 9911 $USER@$HOST

explanation of the ssh flags:

  • -v: verbose (keep tabs on what’s going on)
  • -C: compression
  • -N: no shell (this is just a tunnel)
  • -f: fork the process (run in background)
  • -D 9911: do dynamic port forwarding to local port 9911

Setting up a proxy server

  • almost all default sshd configurations allow traffic forwarding, including major web hosting services like Dreamhost, Lunarpages, and Joyent
    • configure sshd:
      • edit sshd.conf, usually in /etc/ssh
      • add the following line if it is not already there, making sure it is not commented out: AllowTcpForwarding yes
    • restart sshd
  • squid, apache+mod_proxy, or even wwwoffle (a proxy optimized for offline caching) allow for robust HTTP/HTTPS proxying. I’ve seen no noticable performance increase over sshd, however.

Commenting is closed for this article.