Originally Posted by
ActionParsnip
+1. I use a SOCKS5 tunnel (via ssh) all the time when traveling to have my web traffic appear to originate from my HOME network. I've posted a script here just for that a few times. I'd post it again (Linux workstation/laptop to any ssh-server), but my laptop isn't powered on and I can't ssh into it right now.
Hummmm ... but I have backups online somewhere.
Code:
#!/bin/bash
PORT=64001 # ssh port, best not to use 22/tcp from the internet
SSH_SRV=my-ssh-server.example.com # could be an IP
# Only start SOCKS proxy if necessary
if [ $(/bin/ps -eaf |/bin/grep ssh |/bin/grep -c $PORT ) = 0 ] ; then
# Setup SOCKS proxy through home server
echo "Starting ssh SOCKS Proxy"
/usr/bin/ssh -f -C -D $PORT $SSH_SRV -NT &
fi
# Star private firejail with chromium, going through
# just setup SOCKS proxy
sleep 3;
echo "Starting Firejail chromium with private & proxy "
export http_proxy="socks5://localhost:$PORT ";
/usr/bin/firejail --private chromium-browser \
--proxy-server="socks5://localhost:$PORT " &
exit;
I use firejail in a private mode. Chromium allows specifying the proxy-server on the command line. Firefox does not, so I use chromium for this purpose. Chromium runs on my local machine and all HTTP/HTTPS traffic is sent to $SSH_SRV before going to the final address. That address can be local, on the same LAN or on the internet.
It is also possible to use X11 to run chromium on the remote system and have the window displayed on my workstation.
Easy ...
Code:
$ ssh -X regulus /usr/bin/firejail --private chromium-browser
panic: permission denied
goroutine 1 [running]:
github.com/snapcore/snapd/snapdtool.ExecInSnapdOrCoreSnap()
/build/snapd-xa84xt/snapd-2.51.1+20.04ubuntu2/_build/src/github.com/snapcore/snapd/snapdtool/tool_linux.go:205 +0x59e
main.main()
/build/snapd-xa84xt/snapd-2.51.1+20.04ubuntu2/_build/src/github.com/snapcore/snapd/cmd/snap/main.go:452 +0x39
... unless there is a snap package involved. snaps just want to get in the way. I think it is that chromium has their own sandbox which conflicts with firejail. Let's try that again, without firejail:
Code:
$ ssh -X regulus chromium-browser
Yep. That worked, through running a full browser on a raspberry-pi won't set any speed records. Also, X11 forwarding doesn't do audio, but video is fast on most LANs.
Bookmarks