This post appeared originally in our sysadvent series and has been moved here following the discontinuation of the sysadvent microsite

It is late night. You have just arrived at your Grandparents, when the SMS beeper goes off. There is a problem with a SAN controller, and the on-call person know you fixed it the last time. Now, if you only had documented it.

You know you have to fix this yourself, but you have no VPN access. You don’t even have an Internet connection, except your 3G mobile phone, and you really need access to that admin web GUI. There is an emergency SSH port available, but no other port is open. X-forwarding over 3G? Not an option. SSH port-forwarding and fix /etc/hosts. Doable perhaps? VNC over SSH? Awkward. Enter the SSH socks proxy!

Emergency web access

Simply run:

ssh -D 1080

Now, you have a local port 1080 that creates a SOCKS proxy to the server side. Firefox has support for that proxy.

Settings -> Advanced -> Network -> Configure how Firefox connects to the Internet -> Manual settings, Socks: localhost, Port: 1080

If you need to resolve addresses from the server side, add that to the configuration. In the URL field, type about:config , then search for key network.proxy.socks_remote_dns

Set it to true. That is all. You are now surfing as if Firefox was running locally on the login server. Remember to reset your settings after you have finished your session, or Firefox will not work properly when you close your SOCKS proxy SSH shell.

Not just surfing

But wait, there’s more. With a local SOCKS proxy, you may also use other programs, and they don’t even have to support SOCKS themselves. Install tsocks, and set localhost as the socks proxy host:

sudo yum install tsocks || sudo apt-get install tsocks
echo "server =" | sudo tee /etc/tsocks.conf

tsocks is a little gem of a program. It hooks into other programs, and redirects network traffic to the local SOCKS proxy. Now, while the SSH SOCKS proxy is still running (the ssh -D1080 command), just use tsocks to run your favourite program through the proxy:

# Log into a server on a closed network behind the firewall
tsocks ssh

# Run a local psql shell against a remote server through the SOCKS proxy
tsocks psql -U pg_admin_user -W -h -W template1

or to run a whole session of commands through the socks proxy, start with “. tsocks on” (note the leading dot), and stop it with “. tsocks off”

. tsocks on
. tsocks off

To run Firefox through the SOCKS proxy, but without changing its configuration:

 tsocks firefox   # Stop firefox first

To check tsocks status, run

tsocks show

If the LD_PRELOAD variable is empty, tsocks is disabled for this shell.

Note that all Internet traffic is not routed via tsocks. For example, ICMP is not.

Ingvar Hagelund

Team Lead, Application Management for Media at Redpill Linpro

Ingvar has been a system administrator at Redpill Linpro for more than 20 years. He is also a long time contributor to the Fedora and EPEL projects.

Alarms made right

At my work, we’re very much dependent on alarms. The systems need to be operational 24/7. When unexpected issues arise, timely manual intervention may be essential. We need good monitoring systems to catch whatever is wrong and good alarm systems to make someone aware that something urgently needs attention. I would claim that we’re quite good at setting up, tuning, and handling alarms.

When I’m not at work, I’m often sailing, often single-handedly for longer distances. Alarms are important for ... [continue reading]


Published on March 22, 2024

Containerized Development Environment

Published on February 28, 2024