LF tip: Jabber and Firefox via SSH

[Illustration]by Laurent Richard, in December 2006 (article #394). Translated from French to English by Jean-Etienne Poirrier (homepage).

In this short article, also called a tip, I will show you how to use SSH to get around a (too) exacting proxy or firewall. Of course, the SSH port must not be filtered.

Table of Contents 


You are in a place where Internet streams are filtered or require an authenticated access, free or not.

In short, you don't want or you can't go by the "usual" way.

The SSH port is open and you can connect yourself to a remote server that has a free access to Internet.

I will try to fulfil your curiosity by showing you how to pass a stream through two chosen applications (among a myriad of others) via a SSH tunnel:



Here is the command to type in a your favorite terminal (gnome-terminal, ...):

ssh -D 4242 (example port) remoteserveraddress (fixed IP or domain name)

Then, in your browser, you only have to configure (via the advanced options) the SOCKS5 proxy as localhost:4242.

This works very well for Firefox but you should take care to empty all the other proxy fields (except the one for socks, of course).

Without that, Firefox thinks it deals with a classical http proxy.



For Jabber, we need some additional explanations ;)

Here is the command:

ssh -L 1234:localhost:4242 -R 4242:jabber.org:5222 isiarlon.hopto.org

To explain a bit this command, we create a SSH tunnel on the local port (localhost) 1234 to the remote port 4242. Then we create a new SSH tunnel from the remote port 4242 (on isiarlon server thus) to the Jabber server port 5222 (here: Jabber.org).

In summary the remote port 4242 plays as an intermediary between our computer and the Jabber streams reception port. (This technique can be applied to other protocols).

Let's try a bit this new connection (if it doesn't work, we'll look a bit stupid).

telnet localhost 1234



This technique also works to test http and other protocols.

The result should look like this:

<?xml version='1.0'?>
<stream:stream xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' id='none'
from='jabber.org' version='1.0'> <stream:error>
<xml-not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/>
</stream:error></stream:stream>Connection closed by foreign host.

Next, you only have to configure your instant messaging software with localhost as a server and 1234 as a communication port.


Now, if it works, you'll be glad and connected to the world.
Imagination is more important that knowledge --- Albert Einstein

About the author

[Photo of the Author]Laurent is a M.Sc. in commercial and financial sciences. Passionate about free software, he participates in a lot of projects about freedom and consumer protection in relation with new technologies. He also attends courses to become a B.Sc. in computer sciences but he by far prefers theoretical topics to lines of code. This doesn't prevent him from being concerned by his fiancée, hacking, computer security and its implications.