I do have a router at home facing the outside world which will let me connect on port 443 and I can create a proxy on that and forward the ports.

tsocks is a program that will let any program connect through a SOCKS proxy that you create on your computer. I'll create a SOCKS proxy with SSH's -D option and then I'll be able to connect to my home computer by accessing it on its LAN address of 192.168.1.xxx.

So, here goes. Installing and setting up tsocks.


I'll install tsocks on my Ubuntu laptop with the following command:

<kbd>sudo apt-get install tsocks</kbd>

Then I've got to configure tsocks to use the socks proxy on the port I'll specify later when I create my SSH tunnel proxy:

I read from somewhere that I've only got to edit the tsocks configuration file at /etc/tsocks.conf, so I'll open it by typing:

<kbd>sudo nano /etc/tsocks.conf</kbd>

At the bottom of the file, I see the following lines:

# Default server
# For connections that aren't to the local subnets or to 150.0.0.0/255.255.0.0
# the server at 192.168.0.1 should be used (again, hostnames could be used
# too, see note above)

server = 192.168.0.1
# Server type defaults to 4 so we need to specify it as 5 for this one
server_type = 5
# The port defaults to 1080 but I've stated it here for clarity
server_port = 1080

I comment them all out so they look like this:

# Default server
# For connections that aren't to the local subnets or to 150.0.0.0/255.255.0.0
# the server at 192.168.0.1 should be used (again, hostnames could be used
# too, see note above)

#server = 192.168.0.1
# Server type defaults to 4 so we need to specify it as 5 for this one
#server_type = 5
# The port defaults to 1080 but I've stated it here for clarity
#server_port = 1080

And then I add the following lines right below the commented out lines:

server = 127.0.0.1
# Server type defaults to 4 so we need to specify it as 5 for this one
server_type = 5
# Port of the local proxy I'll create with ssh -D (the tsocks default is 1080)
server_port = 9999

That just tells tsocks that I'm going to use the proxy I create on my own laptop on port 9999.

I save the file by typing <kbd>Ctrl+O</kbd>, then I hit <kbd>Enter</kbd> to confirm the filename, and I press <kbd>Ctrl+X</kbd> to close the file.
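Before relying on the tunnel, it helps to confirm which route tsocks will actually pick for a given destination. The following is an added example, not part of the original post: the function name `tsocks_route`, the `local` line and the two destination addresses are constructed for illustration. It reports more than one uncommented default server as an error rather than guessing which one tsocks would use.

```sh
# Added example (not from the post): how would tsocks route DEST_IP?
# Usage: tsocks_route CONF DEST_IP
# Prints "direct", "proxy HOST:PORT socksN", "no-server" or "duplicate-server".
# Only the default server is evaluated; path { } blocks are skipped.
tsocks_route() {
  awk -v dest="$2" '
    # AND a dotted-quad address with a contiguous dotted-quad netmask.
    function masked(ip, mask,   a, m, i, v, out, sep) {
      split(ip, a, "."); split(mask, m, ".")
      for (i = 1; i <= 4; i++) {
        v = a[i] - a[i] % (256 - m[i])
        out = out sep v; sep = "."
      }
      return out
    }
    { sub(/#.*/, ""); gsub(/[ \t]/, "") }   # strip comments and blanks
    /^path[{]/ { inpath = 1 }
    inpath { if (/[}]/) inpath = 0; next }
    /^local=/ {
      split(substr($0, 7), p, "/")
      if (p[2] == "") p[2] = "255.255.255.255"
      if (masked(dest, p[2]) == masked(p[1], p[2])) direct = 1
    }
    /^server=/      { host = substr($0, 8); nserver++ }
    /^server_type=/ { type = substr($0, 13) }
    /^server_port=/ { port = substr($0, 13) }
    END {
      if (nserver > 1)     print "duplicate-server"
      else if (direct)     print "direct"
      else if (host == "") print "no-server"
      else print "proxy " host ":" (port ? port : 1080) " socks" (type ? type : 4)
    }' "$1"
}

# Constructed sample: the edited lines from the post plus one assumed local range.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
local = 192.168.0.0/255.255.255.0
#server = 192.168.0.1
#server_type = 5
#server_port = 1080
server = 127.0.0.1
server_type = 5
server_port = 9999
EOF

tsocks_route "$SAMPLE_CONF" 192.168.1.20   # home LAN host: goes via the tunnel
tsocks_route "$SAMPLE_CONF" 192.168.0.5    # inside a local range: bypasses it
```

A "direct" result for a home LAN address means a `local` range in the file overlaps the home subnet, so that connection would never enter the SSH tunnel.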

Now I'll create a tunnel proxy with SSH and I'll test out tsocks. From a command prompt, I type:

<kbd>ssh -D 9999 -C MyUserName@MyHomeServerIP -p 443</kbd>

When prompted, I enter my password. The proxy to my home network is now created. The machine I've logged in to is actually a Linksys router running DD-WRT software. It is the entryway to my home network.

Now that I created a tunnel proxy, I can test out tsocks.

Testing out tsocks


I open up a new terminal and try to run a program using tsocks. I'll just test tsocks by running Firefox through the proxy. I run:

<kbd>tsocks firefox</kbd>

Firefox starts up and I go to whatismyip.com. The IP address listed at whatismyip.com is my home IP address. It works!

Another Test. Connecting to Windows Remote Desktop (RDP) from behind a firewall that blocks port 3389.

As I said, I'm behind a restrictive firewall, and only a few ports (80, 443) are open. I'd like to see if I can connect to a Windows XP machine on my home network that is 5 miles away.

Using tsocks, I'll try connecting to the RDP server on my XP machine:

<kbd>tsocks tsclient</kbd>

I enter the LAN address of my XP machine and connect.

Bingo! It works! I've logged in remotely to my Windows XP machine at home using my proxy even though the firewall I'm behind blocks port 3389.

Now I'll try to connect to an NX server running on a Debian PC on my home network.

I first have to install the NX client available from www.nomachine.com/download.php. There are also some open source NX clients available, but I choose to use the closed source NX client from Nomachine. I like it, it's not wonky, and it has lots of good features.

For Ubuntu and Debian, the NX client can be downloaded from www.nomachine.com/download-package.php

So, once I've downloaded the NX client, I attempt to connect to my Debian PC in the spare bedroom at home, and I do it through the proxy I created earlier, using tsocks:

<kbd>tsocks /usr/NX/bin/nxclient</kbd>

Everything works fine. I'm able to connect to my NX server at home even though port 22 is blocked, because I've set up a tunnel proxy by SSH'ing to my home network's SSH server which listens on port 443.

NX works great with tsocks, and on a side note, the NX connection seems to be a lot more responsive than the RDP connection to the Windows XP machine.

There's no limit to what you can do with an SSH tunnel proxy and tsocks. I've used it to connect to a remote RDP server even though port 3389 was blocked, I used it to run Firefox with the IP of my home network, and I used it to connect to a remote NX server even though port 22 is blocked.

So a restrictive firewall doesn't have to keep you down. You can continue with the activities you want to do even if a firewall limits the ports available to you.