Skip to content

Instantly share code, notes, and snippets.

@eabase
Forked from rwb27/socks.md
Created November 27, 2020 10:05
Show Gist options
  • Save eabase/75f931bb9fd9a5c65286793452c55082 to your computer and use it in GitHub Desktop.
Save eabase/75f931bb9fd9a5c65286793452c55082 to your computer and use it in GitHub Desktop.
Internet access for a Raspberry Pi on a hidden network

Setting up a SOCKS proxy on a Raspberry Pi

My problem: I have a bunch of Raspberry Pi computers, all connected via a network switch and USB ethernet port to a "gateway" Raspberry Pi. However, I don't particularly want them all to be internet-connected all of the time, because (1) it's possible there is a slight security risk and (2) my IT folk at work might not like it. OK, I should also mention (3) I tried and failed to get NAT and dnsmasq to work, and don't have time to finish debugging it.

My solution: I SSH in to my "gateway" Pi (is it ok to call it a gateway even though it's resolutely failing to route any traffic? Never mind...), and from there I can connect to my hidden Pi(s), let's say for arguments sake it's called hiddenpi.local.

Now, I can SSH back again, setting up a SOCKS proxy:

ssh  -D 8123 -f -C -q -N [email protected]

This will ask for a password and then look like it quits - it's still running in the background, though. You can check it's working with:

curl --socks5-hostname localhost:8123 binfalse.de

You can then add the proxy to APT's settings to allow you to install stuff. Create a new config file with:

sudo bash -c "echo 'Acquire::http::Proxy "socks5h://localhost:8123/";' > /etc/apt/apt.conf.d/99socksproxy"

Or you can do it manually by first making a file:

sudo nano /etc/apt/apt.conf.d/99socksproxy

then entering the following line:

Acquire::http::Proxy "socks5h://localhost:8123/";

NB the socks5h matters - without the h it will fail on DNS resolution, unless you've done a better job than me of proxying that!

You can then install the tsocks utility, which allows you to forward anything you like through the socks proxy:

sudo apt-get update
sudo apt-get install tsocks

Edit /etc/tsocks.conf and make sure you specify at least the server type (5), server address (127.0.0.1), and port (8123).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment