Setting up a proxy server at home

Update March 2010: You can now use the Google App Engine as a proxy server: http://lifehacker.com/5484934/run-your-own-free-proxy-through-the-google-app-engine

Why would you want a secure proxy server on your home machine?
There are several good reasons for a setup like this. The primary purpose is to encrypt your network traffic. You may want to hide your browsing or chatting from your employer OR something as benign as not wanting people to see your passwords when connected to a hotspot at your local $tarbuck$. When you are browsing through your home proxy server, whoever is 'sniffing' your network traffic can only see lots of random-looking packets going to your home machine. The encryption covers only the hop between your client and your home machine; from there your traffic goes out to the Internet as it normally would. Due to the nature of these programs, you should only set this up if you have a broadband router or other NAT device in front of your home network.

The following pre-requisites will make things a lot easier:
  • Know your home machine's external IP address. For this, you'll need either a static IP address from your ISP *or* have a dynamic DNS client installed. For testing purposes, you can view it via http://www.whatismyip.com.
  • Give your home workstation a static IP address on your home network. Open up a command prompt and type 'ipconfig /all' and note the current IP address, gateway, and DNS servers. Assign your computer a static IP address that is 50 more than its current dynamic IP (that's a safe bet since most home networks would never have >50 devices connected to it, even if the broadband router has a DHCP scope larger than that). Use the existing gateway & DNS servers.
  • Know that your mom goes to college


Doing this involves four steps:
  • Installing an SSH server on your home machine. SSH is an encrypted replacement for telnet that also supports a function called port forwarding. It's this port forwarding that allows you to redirect your network traffic through this proxy. SSH will also function as your authentication mechanism, keeping random people from being able to use your machine as a proxy.
  • Installing a HTTP/Socks-5 proxy server on your home machine.
  • Opening up the SSH port on your home firewall AND in WindowsXP's firewall (if it exists).
  • Installing an SSH client with the appropriate port forwarding settings on your client machine (work machine, laptop, etc).
  • Configuring each application to talk through the proxy


Step 1: Installing an SSH server on your home machine


  • Download and install the SSHWindows installer from Sourceforge: http://sourceforge.net/project/showfiles.php?group_id=103886&package_id=111688, accepting all defaults.
  • Open up a command prompt (start > run > cmd) and type the following:
    cd\program files\openssh
    mkgroup -l >> etc\group
    mkpasswd -l -u %username% >> etc\passwd
    net start opensshd
    
    That will create a local ssh user group and give the current logged in user the ability to log in (the password will be the same as your windows login password - if it's blank, change it to something harder!). It will then start the ssh server service.


Step 2: Installing SpoonProxy, a Windows proxy server

  • Download spoonproxy: http://www.pi-soft.com/spoonproxy/index.shtml. It costs $19 for a 1-user home license, but there is a 30-day trial.
  • Launch spoonproxy: Start > All Programs > Spoonproxy > spoonproxy. Spoonproxy's default configuration works just fine, so just minimize it.


Step 3: Opening up ports in Windows firewall & your broadband router

  • If windows XP firewall is enabled, you need to open up the incoming SSH port. To do this, right-click on My Network Places and choose Properties. Now right-click on your primary network card and choose properties. Go to the Advanced tab and click on Settings under windows firewall. Click on the Exceptions tab and then 'Add Port'. Name: ssh Port number: 22 (TCP). Click OK, OK, OK.
  • Now you must open up the port on your broadband router. Most broadband routers have a web interface for this. I can't walk you through it because it's slightly different on every system. You want to forward external port 22 to port 22 on the (internal) IP address of your home computer.


Step 4: Installing puTTy, a Windows SSH client on your work computer or laptop

  • Download puTTy: http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe.
  • puTTy is a free SSH client that is a single executable; there is nothing to install. Save puTTy.exe to your desktop.
  • Double-click on puTTy. First, scroll down the left column to Connections > SSH > Tunnels. From here, you need to add three ports to be forwarded. For Source Port, enter 80. For Destination, type localhost:8080, then click on Add.
    Do the same for two more forwards: source port 443 to localhost:8081, and source port 1080 to localhost:1080. This forwards http, https, and socks-5.



  • Now, go up to the top and click on Session. Under "host name or IP address", enter your home computer's external IP address or dynamic DNS name. Under 'saved sessions', type in "SSH home" and click on Save. This will save these connection settings for every time you want to connect to your home machine.



    To connect, click on Open. You should be asked to accept the server's SSH host key (choose 'Accept & Save'). Log in using your home Windows computer's login and password. You should then see a command prompt. You are now connected and set up to tunnel traffic - you can now minimize (don't close) puTTy. This session must remain open to proxy your web traffic.


Step 5: Configuring applications to go through the tunnel

  • Firefox: I recommend configuring one browser (such as Firefox) to always go through the proxy, leaving your other browser to browse your corporate intranet (or access sites that you do not wish to proxy). Alternatively, you can simply tell Firefox which URLs should not use the proxy. In Firefox, go to Tools > Options > General > Connection Settings. Point the HTTP and SSL proxy entries at localhost, using the source ports forwarded in Step 4 (80 for HTTP, 443 for SSL).



    You should now be browsing through your home machine. Remember, the speed will be limited to your home machine's upstream connection (since your home machine is essentially downloading the web page then re-uploading it to you). If you wish to test that it's working, close puTTy. You should now be unable to browse the 'net.

    AIM and Yahoo both support SOCKS5 proxying. Simply go into the connection settings and enable socks5 proxying... server = localhost port = 1080 (default).

Done!


All you have to do is launch puTTy and connect to your home machine whenever you wish to securely browse.
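
A quick way to check the finished setup from the client machine, as an added example that is not part of the original article: it probes the local ends of the three forwards from Step 4 and sends a SOCKS5 greeting to localhost:1080, which separates "PuTTY is not forwarding" from "nothing is listening on the home machine". It assumes Python 3 on the client; the function names and result labels are chosen for this example.

```python
import socket

# Local ends of the forwards configured in PuTTY in Step 4.
FORWARDS = {80: "HTTP", 443: "HTTPS", 1080: "SOCKS5"}


def probe_forward(port, host="127.0.0.1", wait=2.0):
    """Classify one forwarded port without sending any data.

    tunnel-down       nothing listens locally: PuTTY is closed or the forward is missing
    closed-by-remote  PuTTY accepted, then hung up: nothing answers on the home machine
    open              the connection is held open, so a service is waiting for a request
    """
    try:
        sock = socket.create_connection((host, port), timeout=wait)
    except OSError:
        return "tunnel-down"
    with sock:
        try:
            data = sock.recv(1)
        except socket.timeout:
            return "open"
        except OSError:
            return "closed-by-remote"
    return "open" if data else "closed-by-remote"


def socks5_greeting(port=1080, host="127.0.0.1", wait=5.0):
    """Send the SOCKS5 method negotiation and classify the answer."""
    try:
        sock = socket.create_connection((host, port), timeout=wait)
    except OSError:
        return "tunnel-down"
    with sock:
        try:
            # Version 5, one method offered, method 0x00 = no authentication.
            sock.sendall(b"\x05\x01\x00")
            reply = sock.recv(2)
        except socket.timeout:
            return "no-reply"
        except OSError:
            return "closed-by-remote"
    if not reply:
        return "closed-by-remote"
    if reply[:1] != b"\x05":
        return "not-socks5"
    return "ok" if reply[1:2] == b"\x00" else "method-rejected"


def check_tunnel(forwards=FORWARDS, host="127.0.0.1", wait=2.0):
    """Probe every forward and return {port: state}."""
    return {port: probe_forward(port, host, wait) for port in forwards}


if __name__ == "__main__":
    for port, state in check_tunnel().items():
        print(f"localhost:{port} ({FORWARDS[port]}): {state}")
    print("SOCKS5 greeting on localhost:1080:", socks5_greeting())
```

A result of closed-by-remote on a port means the SSH session is up but the proxy on the home machine is not listening on the destination port of that forward.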

Comments

This is some very useful

This is some very useful advice. Following it I was able to make a strong configuration at my friend's workplace, CNC China company. Everything went just fine and I want to thank you for this.

Need help...

Need help please... I want a free version like SpoonProxy...

This is a very informative

This is a very informative article. I was looking for these things and here I found it. I am doing a project and this information is very useful to me.

The issue with proxies is

The issue with proxies is that not all websites will work through them. This is especially true for sites that use 'trick' javascript to link to subpages, etc. It is also possible for a webserver to tell when a proxy lies between the source and the client, and some will refuse to serve content if that appears to be the case. This is ostensibly to prevent anonymizing proxies being used to post in forums, etc, but it also blocks legitimate filtering proxies. This situation is unfortunate as proxies are a useful form of protection, but it is increasingly an issue as web designers start to use more and more complex code.

hi! i try to connect on

Hi! I try to connect on putty with my username and password but it doesn't accept the password..?!

Solved - Another prob occured

I made it with the pass, but when I set localhost, ports, etc. in the network settings in Firefox and try to connect I get

 

Unauthorized ...

IP Address: xxx.x.x.x:xxxx (x=numbers,the port always changes)
MAC Address:
Server Time: 2011-09-26 15:15:28
Auth Result: The proxy server blocked the external users' connections.

 

any suggestions?

 

asd

If you are using CCProxy, go to Options, click on Advanced, go to Networks and remove the check from "disable external users". That solved the problem for me.

Free alternative of spoonproxy

Is there a free alternative of spoonproxy to be used in this configuration?

A couple of months ago when

A couple of months ago, when I was still on Windows (otherwise known as the dark ages), I used to use SpoonProxy, but since I have changed to Ubuntu I'm a little stuck. I've been looking for an alternative to SpoonProxy in Linux without any luck. I also asked the experts at App Logic and didn't figure it out. I already set up ssh and telnet on my Linux box; I'm only waiting for the proxy server.

A quick google suggests, a

A quick google suggests a product called squid, you can download it here.

Used a different SSH server

I substituted COPssh for the openssh install. COPssh is more up to date, maintained and more compatible. Provided the same functionality when used in tandem with spoonproxy and following your instructions. Also provides higher security since COPssh can be configured with a button click to provide the TCP proxy through SSH but NOT provide a command shell to the user. It can be used to provide a proxy without giving full DOS prompt access to users, which can be a very good thing if you don't trust a user with 100% access to your system. Works great using spoonproxy and the PuTTY settings you provided. If you deactivate shell prompt access on COPssh for a user, they should click the "Don't start shell" under Connection > SSH inside PuTTY (-: I run this in a Windows XP Pro virtual machine, but the same setup should work in other Windows versions. I would set spoonproxy to run in XP SP2 compatibility mode if you use it on an OS other than XP.

free alternative

You could also try ccproxy, which is free for up to 3 users.

Could I please have a copy im setting up one for my house

I want to make a proxy at my house to get around my school firewall that blocks a lot of stupid things

 

Yes you can try Squid,

Yes you can try Squid, Freeproxy or 3proxy

I NEED HELP!this morning my

I NEED HELP! This morning my computer just won't start because Windows XP, which I am using, needs activation. I need to write a proxy address and port, but I don't know where to find that. Can anyone help?

doesnt work very well. I

Doesn't work very well. I tried Google Maps and it didn't work. I tried a page with javascript… didn't work either. Of course https didn't work but I expected that. When it does work it's the fastest proxy I've ever seen though :) thanks.

thankyou for the information

Thank you for the information

Cannot connect to proxy

I have done everything that the article states and still cannot connect to the proxy. So here is the setup: On my desktop (connected to router with port 22 forwarded to it) I can start the ssh and spoonproxy. From my laptop (on the same router network, i.e. my home network) I installed putty and was able to log in to my desktop, which has the ssh server. When I configure my laptop Firefox with the proxy settings, it says proxy not reachable. Just for testing I have disabled all the firewalls on both desktop and laptop. Can anybody give any suggestion what could be missing in my setup? Thanks

Hi again. I noticed that in

Hi again. I noticed that spoonproxy does not register anybody logging in or communicating with it, so now I am suspecting that somehow the ssh on my desktop is not forwarding the requests to spoonproxy on my desktop

how can i set up a proxy to work with firefox in windows 7

Hi, Thanks a lot for your lovely write up. Could you please assist me with steps on how to set up a working proxy for firefox on a windows 7 laptop. I use windows 7 home premium edition. Will be grateful for any help. Thanks.

internet connection configuration

Hi, I work in an environment where all my client machines log on to a domain and all IP addresses are obtained via DHCP from our main server. The network has its own default gateway and DNS. The office has taken delivery of broadband from an ISP that has to be configured so that all the users in the office can have access to the internet while also having access to the office ICT platform automatically. The modem from the ISP (MT882a) is such that it obtains its IP automatically from the ISP through DHCP and it has its own default gateway. In this case there are 2 default gateways, one from the ISP and one from my office network. Any time I want to access the internet I am disconnected from my office network, which makes it impossible for me to access resources on my local network. What do I do to overcome this challenge so that I can configure the internet for my colleagues to have access while also accessing our local network simultaneously? Your response will help much. Thanks.

Hi...Can you tell me how to

Hi...Can you tell me how to set up this server on a cloud so that I can access the high-speed internet from the cloud?

cloud

Usually a VPS, virtual private server, will give you all access to the server. You just follow the same instructions he gave here with the cloud server. That's my guess anyway. I have a few hosting servers and it seems that the main difference from a basic domain hosting server is that you have full root access to the server with a VPS, and $30/month for a basic package seems like a better solution than buying a VPN solution, e.g. viprvpn.

I work in the automating

I work in the automating processes field and a proxy is the only way to go. It is more secure and dirt cheap. I will say that your instructions were spot on as well.

error

When I clicked "open" on puTTy it gave this error: server unexpectedly closed network connection. What did I do wrong?

Compatibility

Anybody know if this works for Windows 7 Ultimate as the Client, and Windows Server 2003 running the Proxy server?

Yea..i want to know the

Yea..i want to know the exact same thing..

Putty problem

Hi! I have already sent this message a couple of hours ago, but I don't see it in this page. So I'm sending it again. I have been using your proxy server for a few months now, with no problems. Today, I couldn't connect to PuTTY and I discovered that my external IP address had been changed. Not me. Nobody else I know, since I am the only user. Anyway, I re-configured PuTTY with the new IP and I get the following message:

The server's host key is not cached in the registry. You have no guarantee that the computer is the computer you think it is. The server's rsa2 key fingerprint is ssh-rsa 1024 c6:98:e6:1e:32:55:c3:9b:92:5b:da:3c:ee:ef:74:12 If you trust this host, hit YES to add the key to PuTTy's and carry on connecting. Hit NO if you want to connect only this time.

I hit NO, and it works. However I do not understand why the external IP address has changed and by whom. I believe it is assigned by the ISP, but why would they change it? I had it for quite a while. Or, is there anything else I should worry about? Hackers, perhaps..? By the way, I never bothered to register Spoon Proxy. I remember now that it was supposed to be on a 30 days trial. Is this a part of the problem? Should I trust the host and click YES to log it permanently into the Registry cache, as suggested in the message?

Thank you
Franco

Reply to Security key

If you reply NO to that message, you are NOT running a secure connection... EVERY TIME the IP address that you connect to changes, on either end, you need to accept the new secure connection.
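
A way to answer the host key prompt quoted in this thread, as an added example that is not part of the original comments: compute the fingerprint from the server's public host key file while sitting at the home machine, then compare it with what PuTTY displays before accepting. The sample key below is constructed for the demonstration and is not a real key; where the public host key file lives depends on the SSH server installed, and the function names are chosen for this example.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data):
    """Encode bytes as a length-prefixed SSH string (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def _read_string(blob, offset):
    """Read one length-prefixed SSH string; return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def host_key_fingerprints(pubkey_line):
    """Fingerprints for one '<type> <base64> [comment]' public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    embedded_type, offset = _read_string(blob, 0)
    if embedded_type.decode("ascii", "replace") != key_type:
        raise ValueError("declared key type does not match key blob")
    bits = None
    if key_type == "ssh-rsa":
        _exponent, offset = _read_string(blob, offset)
        modulus, _ = _read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    md5_hex = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "type": key_type,
        "bits": bits,
        # Colon-separated MD5 is the format in the prompt quoted above.
        "md5": ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha256,
    }


def prompt_matches(pubkey_line, shown):
    """True if the fingerprint shown by the client belongs to this key."""
    parts = shown.split()
    if not parts:
        return False
    token = parts[-1]                      # drops a leading "ssh-rsa 1024"
    fp = host_key_fingerprints(pubkey_line)
    if token.startswith("SHA256:"):
        expected = fp["sha256"]
    else:
        if token.upper().startswith("MD5:"):
            token = token[4:]
        token, expected = token.lower(), fp["md5"]
    return hmac.compare_digest(token.encode(), expected.encode())


# Constructed sample, not a real key: exponent 65537 and a 1024-bit
# "modulus" made of the bytes 0x80..0xff.
_SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
                + _ssh_string(b"\x00" + bytes(range(128, 256))))
SAMPLE_PUBKEY = "ssh-rsa " + base64.b64encode(_SAMPLE_BLOB).decode() + " constructed-sample"

if __name__ == "__main__":
    fp = host_key_fingerprints(SAMPLE_PUBKEY)
    print(fp["type"], fp["bits"], fp["md5"])
    print(fp["sha256"])
```

If the fingerprint in the prompt does not match the one computed on the server, the client is not talking to the home machine and the key should not be accepted.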

Can I throw PuTTy on a flash

Can I throw PuTTy on a flash drive, and have it work?

yes

yes

PuTTY/Proxy Server

Hi! Your instructions are very clear and I have been able to set up the proxy server and PuTTY . Whenever I want to navigate the Web under the proxy umbrella, I open the PuTTY console and I fill in my name and PW. I must however request some clarifications. 1. In section 5 of your site (above) you suggest to configure one browser ( in my case Firefox Mozilla) to always connect via Proxy. In the Connection Settings screen ( Options) I had already checked the Auto-Detect Proxy Settings box and not the Manual one ( this was my earlier configuration, but then I switched, because I believe I had connection problems. Everything has been O.K ever since). Does it mean that Firefox is already configured for Proxy connection? 2. If the Firefox browser is already configured for Proxy Connection, do I still need to open the PuTTY program each time? 3. I had run an on-line security scan for my Sygate Firewall. This check showed that my connection is secure as ALL the ports, with the exception of one, appeared in STEALTH mode. The only open port was SSH Port 22. As this, from what I hear, is a potential weakness exposing me to hackers attacks, I decided to put port 22 on STEALTH, as well. I did this by going to the Sygate RULES tab and blocking the incoming TCP connections for SSH port.22. A new Security scan confirmed that now port 22 is indeed on STEALTH. However, this disables the PuTTY utility! In order to use it, I have to temporarily disable the Firewall and re-enable it only after PuTTY is in operation. Am I doing anything wrong here? Your comments? Thank you Franco Montreal, Canada

I have this all setup and

I have this all setup and working, but when I log into my home machine (with the proxy and openssh) with a new user I created I get prompted with a C:\.... what is the easiest way to lock down this user account so someone can not browse the files on my hard drive. I would like to share this account with some other people.

This step is optional, but

This step is optional, but since we are going to be proxying the data over the ssh tunnel then we should also proxy the DNS requests as well. The purpose of this exercise is to get to a site we might not otherwise be able to retrieve or just to anonymize our browsing from your location. If we tunneled our data through ssh and then asked the local DNS server for the ips it would defeat the purpose. So, add a boolean option into the URL "about:config" page in Firefox. Name the entry "network.proxy.socks_remote_dns" and set it to true. FYI: If you are using the program FoxyProxy you must make sure to go into the "options" section under "miscellaneous" and check the option "use SOCKS proxy for DNS lookups." FoxyProxy will override the about:config option set above.

On Mac OS

I am trying to set up the SSH server on my College LAN as a proxy server.. I log in to the ssh and then give ssh -D 8080 -p 2020 username@ip
But it tells me usr/bin/ssh permission denied... Please help me with this..

help me plz....

I'm in the Philippines. Can I request how to configure my broadband for proxies.... thanks.....

Solution for use with HULU (possible)

This is a theory that should work for HULU outside the US provided your server is in the USA and your client computer temporarily does the following port-blocking. It takes advantage of a fail-over feature built into flash. while using this proxy config and watching HULU: Block destination ports 80, 1935 and 443 on the client and connect to your SOCKS proxy. Use a port blocker like Emsa Port Blocker to block those ports temporarily while using putty as a SOCKS proxy should cause flash to fail-over to the ports you have manually entered into FIREFOX or IE or whatever you are using with this proxy. Can someone test to see if this works? I'm not in a position to test this, since I'm in the USA. I would love to know this works for me so that next time I travel I'm all set for HULU.

Proxy settings

Hello! I have set up a proxy server as per your detailed instructions and configured the Mozilla browser for Manual proxy settings with the parameters given in your site. When I open PuTTY, before opening an Internet session, and fill in my external IP address and "SSH home", I do get the Command Prompt asking for my user name and PW for logging on the session. So the Proxy Server should be working. However, when I try to connect to the Internet, I get the "server not found" message. Finally, I discovered that the Internet kicks in only if I check the "autodetect proxy settings" box in the Mozilla options, instead of the "manual" box. Is this normal? Does it mean that my proxy server is set up correctly and functions well? The reason why I wanted to set up a Proxy Server is that recently I got warned by my ISP here in Canada that a U.S. company had tracked my IP address in connection with a Torrent d/load. I am not a heavy user of Torrent d/loads, but for the few times I might do this, as most of us do, I wouldn't want to have any untoward consequences, even though this is not (or not as yet!) illegal here in Canada. I just wanted to make sure that the Proxy Server I have set up works well, even though I do not expect to be... 100% invisible. I'd appreciate your comments. Thank you, Ittiandro

OK - I'll tell you why I'm laughing

     This proxy setup can't really be used for the purpose you described.  Answer to your question:  Your configuration is broken, but I think you knew that already (-;

Proxy server

Thank you for your reply and  your good humour!

First, if you mean that a proxy server has a purpose totally unrelated to the one I described (which is, by the way, not illegal here in Canada, or at least not as yet!), I'd like to know what it is. I am curious.

 If you only mean,  on the other hand,  that setting up a proxy server will not always prevent others from tracking down my IP, if they really want it, I totally agree with you. Today's technology is too sophisticated!

I would have thought, though, that it does help, don't you agree?  Even with the best antitheft system , professional thieves  will always   be able  to steal a car, of course, but an antitheft system, however imperfect, is certainly better than having none, or worse, leaving the keys inside!

Secondly, I certainly didn't know that my configuration was broken. How could I possibly have known it, since I was always able to connect to the Internet? What I wanted to know is whether or not, with Mozilla configured for auto proxy detection rather than manual (which didn't work), I was still on a proxy server once I logged in on PuTTY.

Thank you

Franco

 

 

HAHA - Anyone guess why I'm laughing?

HAHA - Anyone guess why I'm laughing?

Don't care...

Don't care...

trouble

Hey, I can't seem to download spoonproxy or putty off the link you gave. I don't understand why but it just gives me a black tab with the url typed in :S Any idea why and how I can get round it? Thanks

connection timed out

I set up the whole thing just like it is shown, but when I hit open in puTTY it shows a terminal window and sits like that for about 20 seconds, then says connection timed out. BTW I'm using Ubuntu and the host is XP.

you are lucky - I have an

You are lucky - I have an answer.... When you run putty in Ubuntu, don't just click the putty icon. The connection is handled at the SU level. So, open a terminal window. Type sudo putty. Give your password. Log in to your host. Then minimize all that and use Firefox (not the system proxy settings). Should work fine. I'm using it now!

THANK YOU. That's all but you should know you are appreciated.

Finally, someone who knows how to put together a knowledgeable and informative step by step process on how networks evolved and can be utilized and can be customized.

I am trying to learn how to set up my own home network. I'm not a newbie, with regards to computers but the number of acronyms and protocols settings etc can leave one baffled and intimidated to even attempt it.

I want to set up a proxy so that I can attempt to STREAM my favourite radio station to my PSP.
I am currently using internet radio and don't like their stations.

This web site has made me think... I CAN do this.

YOU my friend. Take the apprehension from even trying to do this. Thanks.
I have bookmarked your site and passed it on to my brother.

Bruce Hobson

Need advice

Hi, I have a question here. Assume that I am using a proxy. I heard that if I visit a website that uses an https web page, or a website using JAVA, then the webmaster can track my real IP. If I use your method above, can the webmaster also track my real IP? Thanks, Rex

Script - java or flash - can

Script - java or flash - can get outside your proxy.  HULU is a prime example.  To encapsulate everything, for sure, only a VPN will do.  However, unless you are on the run from authorities (haha - I hope) this spoon/putty proxy works 99% of the time.
