Attempting my first port forwarding through SSH

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I want to use a VPS as a private proxy, and intend to do a SSH port

My internet browser (Firefox) network connexions are configured as:

HTTP: Port 5000

The Putty tunneling (I use a Windows desktop) is set as:


Source Port:5000 Destination:

This worked in the past on my last shell account but I have now changed
shell provider and it does not work anymore.

I think maybe my new shell needs me to open some ports, but I would
have thought 8080 is always open.

Do you have any idea of what can be wrong? Or would you do something
different from what I have done if you wanted to do a SSH port
forwarding for internet browsing? (This is a Debian VPS)

Re: Attempting my first port forwarding through SSH

Ok, are you running a proxy on the localhost interface, port 8080 of
the VPS?

If not, perhaps you need to set up a dynamic map on port 5000 instead
(leave destination blank). Then putty acts as a socks server, opening
ports as required.

Quoted text here. Click to load it

Re: Attempting my first port forwarding through SSH

ADFHAU presented the following explanation :
Quoted text here. Click to load it

lets see if I got it correct...

localhost=my computer (?)

am I running a proxy on my computer? No

interface? What interface?

Quoted text here. Click to load it

Re: Attempting my first port forwarding through SSH

Quoted text here. Click to load it

Ok.. = IP address of the local loopback interface on a computer

Ie. It behaves like a network card etc. that happens to talk back to

When you set your browser to use, port 5000, you're
instructing it to talk to itself on port 5000.

You're then instructing putty to map local port 5000 to REMOTE address - the remote machine's loopback interface - on port 8080..

Ie. Every machine that supports TCP/IP should have a loopback interface
by default (even my Nokia N70 does, but you can remove it from some systems -
this DOES cause problems tho).

So, my question is, are you running a proxy server on the remote
system, on the local loopback interface, on port 8080 (Programs,
especially ones such as proxy servers etc., can be configured to
respond only to specific interfaces, such as the local loopback, or the
one connected to a specific network)? If not, then you either need to
set up this proxy server... or, alternatively, if you don't need
advanced proxy functions like caching/filtering etc.. you can just
instruct PuTTY to add a dynamic port forward with address 5000 and no
destination address or port..

You then fill in in the SOCKS proxy section of your webbrowser,
rather than the HTTP proxy section (In IE, click Advanced)..

Hey presto, you're surfing via the remote system with no software on the remote
server other than sshd.

Re: Attempting my first port forwarding through SSH

Quoted text here. Click to load it

Thanks for explaining, I do understand how it works now, it seems like
still not working...

This is a screenshot of my Firefox settings:

This is a screenshot of my Kitty configuration:

I have changed some settings in the Firefox network set up to see if
the problem solved, I changed socks5 for socks4 but nothing, and
deleted the "No proxy for:localhost" to see if anything worked, but
basically the browser still does nothing, I think my Firefox settings
are correct.

I am wiling to install a proxy on the VPS if that is what is needed to
make it work, I just do not know the package that will do that.

This is a barebones VPS, it had no lynx, no postfix, no alpine, no
software at all, it does have lynx now and it can access the internet
so no firewall problem.

 I thought port forwarding would work out of the box but apparently
not. I believe the problem is with the configuration at the VPS.

The dynamic port forwarding was a great idea and I do not know why is
not working...

This is my etc/ssh/sshd_config file at the VPS:

Yunai# vim sshd_config

# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will
bind to
#ListenAddress ::
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

Re: Attempting my first port forwarding through SSH

Quoted text here. Click to load it

I get a connection interrupted message I think this may reveal some
clues, not sure...

This is the message I see on my Firefox browser when using Local port
forwarding L5000:

If I use the dynamic port forwarding D5000, I do not see that message,
the browser simply does nothing (blank page).

Site Timeline