Get around that pesky firewall filtering with tsocks

I gen­er­ally don’t have any issues know­ing some­one might be snoop­ing on a bit of my traf­fic. How­ever there are times you may want your traf­fic to be a bit more pri­vate. For exam­ple if your boss is a rag­ing tyrant and your look­ing for a new job, and you know the sky would fall if he found out you emailed or hap­pened to be on Career Builder or for that mat­ter had even the slight­est idea of aban­don­ing him. Yes I am recount­ing some­thing from my past, hey at least its dis­tant past :). So if you find your­self in that sit­u­a­tion read on for how to use tsocks and ssh as a sim­ple proxy.

First things first, for this to work you need to have ssh access to a machine out­side your net­work. I like to use an account in shanghi, but really if you just ssh back to your home machine that will most likely suf­fice. Ok now that you can ssh out you can use ssh dynamic port for­ward­ing via SOCKS, but you need to install tsocks before that will be use­ful.
For debian:

aptitude install tsocks

Now you need to edit your tsocks.conf to point it to local­host (since we are using ssh dynamic ports). Ensure the fol­low­ing lines in /etc/tsocks.conf

server =
server_port = 1080
server_type = 5

So thats it! Easy eh? Now to surf or check email in pri­vacy.

ssh -D 1080 remotebox.domain.tld &
tsocks firefox &
tsocks thunderbird &

*Note: Another great use for this is when you are on the road. Many hotels block out­bound port 25, which causes you to not be able to send email with your pref­ered mail client unless you start doing ssh port for­ward­ing or some other trick­ery. And its a pita to setup mul­ti­ple out­bound smtp con­nec­tions that you have to switch to. Any­way hope you find this use­ful. Here is a video of the process for your view­ing pleasure.

[flash w=640 h=480 preview={|320|240} linktext={screencast: tsocks} mode=3 caption={screencast: tsocks}]


  • Robert Fleming Linux Firefox 3.0a1 wrote:

    Fire­fox and (I think) Tbird have built-in SOCKS capa­bil­ity (obvi­at­ing tsocks), although DNS requests might not be prox­ied, I don’t remem­ber. Tsocks is good for other apps though.

    A more per­ma­nent arrange­ment is to run Open­VPN at home and work, enable IP for­ward­ing at home, and set your work com­puter route Inter­net traf­fic through the tunnel.

  • Thanks for the com­ment Robert. Tsocks does not proxy DNS requests with­out a patch. Indeed fire­fox has builtin socks and there is foxyproxy which can do some cool things. How­ever it is a bit eas­ier to show how socks works with a browser than with a mail client. I have found it use­ful in select hotels that block port 25 out. Its much eas­ier to use socks to get around that than set­ting up mul­ti­ple out­bound servers and doing ssh tun­nel­ing, or even set­ting up a vpn. Although a vpn would be a great per­ma­nent solu­tion tsocks is help­ful for on the spot type things.

  • Do I install tsocks on my home machine or the work machine?

  • Crash, You install tsocks on the machine you wish to browse from. You would then ssh to your home machine using the dynamic port 1080. That way when tsocks wraps your appli­ca­tion its traf­fic will go out through the ssh tun­nel. .…. So you do need the abil­ity to install tsocks on the local machine and you need to be able to ssh to a remote machine.

    Hope that helps


  • […] get around fire­wall fil­ter­ing with tsocks […]

  • Thanks for the how-to. Unfor­tu­nately I just can’t seem to get tsocks to tun­nel inter­net traf­fic. My con­nec­tion is via a vpn and uses an IP num­ber rather than a domain name — would that make a dif­fer­ence? I can ssh into the machine and every­thing works, but for some rea­son the traf­fic isn’t routed through tsocks.

    Any ideas?

  • Would prob­a­bly need some more infor­ma­tion but can you ssh from your vpn con­nec­tion to some exter­nal machine? If you can ssh from your vpn con­nec­tion to an exter­nal machine thats how you setup your tun­nel to the out­side. Then tsocks just wraps your appli­ca­tion and con­nects to your ssh dynamic proxy tunnel.

  • Thanks for the reply Nick.
    I can log into the remote machine via ssh etc, but if I ssh into the machine and then run tsocks kon­queror (for exam­ple), the IP in kon­queror is not the remote address. It does seem like tsocks.conf is impor­tant as I get a seg­men­ta­tion fault if I hash out the server, port and type lines. Any ideas?

  • I have had some issues with tsocks and cer­tain appli­ca­tions before. Try it with a dif­fer­ent browser maybe fire­fox or ephipany. Don’t back­ground your ssh con­nec­tion, do you get any error mes­sages there?

  • Awe­some — it appears that it was a sim­ple glitch with kon­queror. I tried it with fire­fox and a few other pro­grams and it is work­ing beau­ti­fully. Sorry for all the ques­tions, and thanks for all your help.….

  • woofer Linux Opera 9.64 wrote:

    I used to run an ssh tun­nel and access my mail at work using thun­der­bird over it.

    ssh –D 1080 [email protected]
    in thun­der­bird, proxy was set as local­host, and 1080 port.

    This was work­ing beau­ti­fully till i upgraded to ubuntu 9.4. With this, thun­der­bird sud­denly stopped work­ing and gave some errors about not being able to con­nect to the proxy.

    I removed the proxy set­tings in thun­der­bird and ran tsocks thun­der­bird, it is con­nect­ing now.

Leave a Reply

Your email is never shared.Required fields are marked *

To submit your comment, click the image below where it asks you to...
Clickcha - The One-Click Captcha