Get around that pesky firewall filtering with tsocks

I generally don’t have any issues knowing someone might be snooping on a bit of my traffic. However there are times you may want your traffic to be a bit more private. For example if your boss is a raging tyrant and your looking for a new job, and you know the sky would fall if he found out you emailed or happened to be on Career Builder or for that matter had even the slightest idea of abandoning him. Yes I am recounting something from my past, hey at least its distant past :). So if you find yourself in that situation read on for how to use tsocks and ssh as a simple proxy.

First things first, for this to work you need to have ssh access to a machine outside your network. I like to use an account in shanghi, but really if you just ssh back to your home machine that will most likely suffice. Ok now that you can ssh out you can use ssh dynamic port forwarding via SOCKS, but you need to install tsocks before that will be useful.
For debian:

aptitude install tsocks

Now you need to edit your tsocks.conf to point it to localhost (since we are using ssh dynamic ports). Ensure the following lines in /etc/tsocks.conf

server =
server_port = 1080
server_type = 5

So thats it! Easy eh? Now to surf or check email in privacy.

ssh -D 1080 remotebox.domain.tld &
tsocks firefox &
tsocks thunderbird &

*Note: Another great use for this is when you are on the road. Many hotels block outbound port 25, which causes you to not be able to send email with your prefered mail client unless you start doing ssh port forwarding or some other trickery. And its a pita to setup multiple outbound smtp connections that you have to switch to. Anyway hope you find this useful. Here is a video of the process for your viewing pleasure.

[flash w=640 h=480 preview={|320|240} linktext={screencast: tsocks} mode=3 caption={screencast: tsocks}]


  • Robert Fleming Linux Firefox 3.0a1 wrote:

    Firefox and (I think) Tbird have built-in SOCKS capability (obviating tsocks), although DNS requests might not be proxied, I don’t remember. Tsocks is good for other apps though.

    A more permanent arrangement is to run OpenVPN at home and work, enable IP forwarding at home, and set your work computer route Internet traffic through the tunnel.

  • Thanks for the comment Robert. Tsocks does not proxy DNS requests without a patch. Indeed firefox has builtin socks and there is foxyproxy which can do some cool things. However it is a bit easier to show how socks works with a browser than with a mail client. I have found it useful in select hotels that block port 25 out. Its much easier to use socks to get around that than setting up multiple outbound servers and doing ssh tunneling, or even setting up a vpn. Although a vpn would be a great permanent solution tsocks is helpful for on the spot type things.

  • Do I install tsocks on my home machine or the work machine?

  • Crash, You install tsocks on the machine you wish to browse from. You would then ssh to your home machine using the dynamic port 1080. That way when tsocks wraps your application its traffic will go out through the ssh tunnel. ….. So you do need the ability to install tsocks on the local machine and you need to be able to ssh to a remote machine.

    Hope that helps


  • […] get around firewall filtering with tsocks […]

  • Thanks for the how-to. Unfortunately I just can’t seem to get tsocks to tunnel internet traffic. My connection is via a vpn and uses an IP number rather than a domain name – would that make a difference? I can ssh into the machine and everything works, but for some reason the traffic isn’t routed through tsocks.

    Any ideas?

  • Would probably need some more information but can you ssh from your vpn connection to some external machine? If you can ssh from your vpn connection to an external machine thats how you setup your tunnel to the outside. Then tsocks just wraps your application and connects to your ssh dynamic proxy tunnel.

  • Thanks for the reply Nick.
    I can log into the remote machine via ssh etc, but if I ssh into the machine and then run tsocks konqueror (for example), the IP in konqueror is not the remote address. It does seem like tsocks.conf is important as I get a segmentation fault if I hash out the server, port and type lines. Any ideas?

  • I have had some issues with tsocks and certain applications before. Try it with a different browser maybe firefox or ephipany. Don’t background your ssh connection, do you get any error messages there?

  • Awesome – it appears that it was a simple glitch with konqueror. I tried it with firefox and a few other programs and it is working beautifully. Sorry for all the questions, and thanks for all your help…..

  • woofer Linux Opera 9.64 wrote:

    I used to run an ssh tunnel and access my mail at work using thunderbird over it.

    ssh -D 1080 user@ssh.tunnel.server
    in thunderbird, proxy was set as localhost, and 1080 port.

    This was working beautifully till i upgraded to ubuntu 9.4. With this, thunderbird suddenly stopped working and gave some errors about not being able to connect to the proxy.

    I removed the proxy settings in thunderbird and ran tsocks thunderbird, it is connecting now.

Leave a Reply

Your email is never shared.Required fields are marked *

To submit your comment, click the image below where it asks you to...
Clickcha - The One-Click Captcha