Alright, so before you push on through this post, let’s cover some basic scenarios where this might be useful:

  1. You’re on an insecure network and want to prevent your traffic being snooped on.
    All your traffic will be sent over SSH, so it’ll be encrypted up to the point where it leaves the far end of your tunnel.
  2. You want to get local access to a work or home network that’s behind a firewall.
    By tunnelling all your traffic through a host inside that network, requests will appear to come from its local address within that network, letting you access things you usually couldn’t reach remotely, as if you were internal to the network.

Amusingly this was actually the best explanatory image on the subject of SSH tunnelling I could find, courtesy of an Engadget post here.

[Image: SSH tunnel diagram]

So, if you’ve made it this far then hopefully this is something that’ll actually be useful for you. To start off with, you’re going to need a host somewhere that is running an SSH server and to which you have access.

So let’s go ahead and open our tunnel:

ssh -D 1234 greg@111.112.113.114

The ‘-D 1234’ option tells SSH to listen on a port on our local machine and act as a SOCKS proxy, forwarding whatever connects to that port through the tunnel. You can use 1234 or pick another unused port of your own. The rest is the user ‘greg’ at host 111.112.113.114. If you’ve already put one of my previous posts about SSH keys into practice then you’ll be connected straight away; otherwise you’ll have to enter your password.

Alright, so that’s the tunnel established, now we just need to tell OS X to use it. For that we’ll be needing System Preferences –> Network:

Select your active network on the left (in my case Ethernet) and click Advanced. Navigate to the Proxies heading and, under SOCKS proxy, enter your own machine (localhost, since that is where the tunnel is listening) and the port you chose:

Click Okay and then Apply. Now your machine should be routing all its traffic via the tunnel you set up earlier.

Now, if all that messing around in System Preferences is a bit much to do every time, there is a terminal command to enable and disable this newly set up SOCKS proxy:

networksetup -setsocksfirewallproxystate Ethernet on

OR

networksetup -setsocksfirewallproxystate Ethernet off

So you can script the SSH connection and the enabling of the proxy if you’d like. Enjoy.
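
One way to script that, as an added example rather than code from the original post: it points the system SOCKS proxy at the local tunnel port, opens the tunnel, and switches the proxy off again when the script ends. The function names, environment variables and DRY_RUN switch are assumptions of this example; the service name, port and host are the ones used above.

```sh
#!/bin/sh
# Added example (not from the original post): bring the tunnel and the
# system SOCKS proxy up together, and switch the proxy off on exit.
# Defaults mirror the post; override them via environment variables.
SERVICE=${SERVICE:-Ethernet}                  # network service name
SOCKS_PORT=${SOCKS_PORT:-1234}                # local SOCKS port
SSH_TARGET=${SSH_TARGET:-greg@111.112.113.114}
DRY_RUN=${DRY_RUN:-0}                         # assumption: 1 = print commands only

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Accept only numeric, unprivileged ports (1024-65535).
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

proxy_on() {
    run networksetup -setsocksfirewallproxy "$SERVICE" localhost "$SOCKS_PORT" &&
    run networksetup -setsocksfirewallproxystate "$SERVICE" on
}

proxy_off() {
    run networksetup -setsocksfirewallproxystate "$SERVICE" off
}

# -N: forward only, no remote shell. Binding to localhost keeps the proxy
# private to this machine. ExitOnForwardFailure makes ssh quit if the port
# is taken; ServerAliveInterval lets it notice a dead link.
tunnel() {
    run ssh -N -D "localhost:$SOCKS_PORT" -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 "$SSH_TARGET"
}

main() {
    valid_port "$SOCKS_PORT" || { echo "bad port: $SOCKS_PORT" >&2; return 2; }
    trap proxy_off EXIT          # runs when the script ends
    trap 'exit 130' INT TERM     # Ctrl-C ends the script, firing EXIT
    proxy_on || return 1         # set the proxy before opening the tunnel
    tunnel                       # blocks until the tunnel closes
}

case ${1:-} in
    up)  main ;;
    off) proxy_off ;;
esac
```

Run it with the argument `up`, and with `off` to clear the proxy by hand. Because the proxy is switched off whenever the tunnel ends, a dropped connection sends traffic over the direct path again; remove the EXIT trap to leave the proxy setting in place instead.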