What is this about?
This is a small tutorial that shows you how to set up a local Raspberry to serve as a so-called SOCKS 5 proxy server for your local network. The Raspberry itself will connect to a remote server, which will then make the requests to other Internet servers with its own IP, thus masquerading the original requestor’s.
All computers on your local network can be configured to connect to the Raspberry, so they all can share the same connection to the remote server.
Usage #1: Unblocking
As we all know, many sites ban IPs outside of certain countries (*cough* Hulu, YouTube, Pandora, Grooveshark *cough*) or severely limit the usage. YouTube, for instance, will block most (> 60 %) “copyrighted” content here in Germany … Google will also index some pages according to German laws, etc. Other examples will be easily found by the astute reader.
Well what about the obvious case of a US citizen being abroad and wanting to access these and other services? Or a British citizen trying to access the BBC iPlayer?
All you need is a US / British IP address. If you also happen to own a US / British VPN (if not, we recommend Hostigation for US VPSes – affiliate link), then you’re set. If you happen to be a US citizen, that is. If not, well … probably you should not read on.
Usage #2: Security & privacy
If you don’t trust your direct upstream connection, e.g. an insecure WiFi hotspot or Internet shared through the neighbour’s connection, you might want to forward all traffic from your browser through a safe tunnel.
Usage #3: Advanced filtering
Set up remote server
On your server / VPS in the remote location (e.g. USA), we recommend adding a new user for SOCKS / SSH forwarding with regular (i.e. non-root) privileges. This is a security measure in case someone obtains control of your Raspberry. (Many Raspberries are left with the pi / raspberry default login.)
Linux will ask you for a password for this new user (in our example the username is “socks-foo”, pick your own), and some other questions, whose default values can safely be accepted.
If you have an OpenSSH server running, which you would need to log (“SSH”) into the remote location in the first place, that’s it – you’re finished with the server.
If you access your “remote” machine directly or via some other means, please set up the OpenSSH server for this tutorial to work.
Consider setting up private key authentication and taking other security precautions which may be necessary, but are outside the scope of this article. Please have a look at this article, for instance.
Set up Raspberry
We will have a local Raspberry server forwarding to the remote server(s). If in doubt, run the commands as the root user or with sudo.
We will introduce you to an “instant on” solution first, and discuss in some more depth how it can be made more permanent in another article in this blog (coming soon).
Easy setup / test
In the easiest setup, you could start your SOCKS server simply with the following command:
ssh -o ServerAliveInterval=60 -D0.0.0.0:8888 socks-foo@example.com
This will connect to the server example.com (you can also simply use its IP) as the user socks-foo, and set up dynamic forwarding on port 8888 for all network interfaces on the Raspberry Pi. The ssh client will log into your example.com machine at this point. If you close the connection (exit), the SOCKS proxy will obviously also stop working.
The 0.0.0.0 is important – without it, the Raspberry will open the port, but only on localhost – you will not be able to connect from other computers on your network to it.
You can verify that the port is indeed open (from another console) by
This will show you a list of opened ports, and which IP addresses and services they are bound to.
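One way to check the binding discussed above, as an added example that is not part of the original post: the `classify_bind` function (a hypothetical helper) reads `ss -ltn` output and reports whether the port is bound to all interfaces or only to localhost. The SOCKS listener that `ssh -D` opens does not ask clients for credentials, so an all-interfaces result means every machine that can reach the Pi on port 8888 can use the tunnel. The sample listings are constructed, and `ss` from iproute2 is assumed to be installed on the Pi.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `ss -ltn`-style output.
# On the Pi, feed it live data with:  ss -ltn | classify_bind 8888

# classify_bind PORT  (reads listener lines on stdin)
# Prints: all-interfaces | loopback-only | specific:<addr> | not-listening
classify_bind() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                                # e.g. 0.0.0.0:8888 or [::1]:8888
            n = split(la, parts, ":")
            if (parts[n] != port) next             # different port, skip
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            found = 1
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") wide = 1
            else if (addr != "127.0.0.1" && addr != "[::1]") other = addr
        }
        END {
            if (!found)           print "not-listening"
            else if (wide)        print "all-interfaces"
            else if (other != "") print "specific:" other
            else                  print "loopback-only"
        }'
}

# Constructed sample output (not captured from a real system).
SAMPLE_WIDE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:8888       0.0.0.0:*'

SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:8888     0.0.0.0:*
LISTEN 0      128    [::1]:8888         [::]:*'

# -D0.0.0.0:8888 gives the first result (reachable from the LAN);
# -D8888 alone gives the second (reachable from the Pi only).
printf '%s\n' "$SAMPLE_WIDE"  | classify_bind 8888
printf '%s\n' "$SAMPLE_LOCAL" | classify_bind 8888
```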
Also you can try to use curl to fetch content through socks (on another console logged into your Pi):
curl --socks5 localhost:8888 blog.pi3g.com
This should show you some HTML code.
In this simple test setup above, you need to connect to the Raspberry and enter the password to the remote server every time you want to use it. We will be looking at setting up a private / public key authentication method and installing the SOCKS proxy as a service in a future post.
Setting up your browser
Next, you can set up your browser to use the new SOCKS 5 proxy. We will demonstrate this with Firefox. It may be a good idea to use a separate browser just for connecting to the proxy, especially if the traffic on the remote server you are using is metered.
Open Firefox’s connection preferences:
Firefox > Options > Options > Advanced > Network > Settings …
Enter the IP of your Raspberry as SOCKS Host and the port you opened on the Raspberry Pi as the SOCKS proxy port. Choose SOCKS v5, then click OK.
To direct DNS requests through the SOCKS proxy, we will have to modify another value:
Enter about:config as URL in Firefox, and press enter to navigate to the page.
Click on “I’ll be careful, I promise!”, and find the setting network.proxy.socks_remote_dns and set it to true.
You can use the search to find this advanced setting more easily.
That’s it! Your browser will now use the new SOCKS 5 proxy you just set up on your Raspberry Pi.
Browser plugins, like Flash, will automatically use the new SOCKS 5 proxy.
Please note that your console to the Raspberry Pi has to be open for the connection to work (if you close it, the connection to the remote server will be disconnected and your proxy will be defunct). We will show you in an upcoming article how to make it permanent.