Comments on: paranoid browsing with squid

By: seamen

seamen — Fri, 22 Jan 2010 09:18:27 +0000

Thanks for bringing the reverse DNS issue up. Is there a way to send these through the proxy too?

I’m going to a country which censors Internet and I should resolve this before leaving :)

By: David

David — Sun, 06 Dec 2009 03:41:41 +0000

I was doing a tcpdump on my own traffic while using ssh -D and network.proxy.socks_remote_dns set to TRUE in FF and I noticed that although forward lookups are sent through the proxy reverse lookups are not. This poses no issue for browsing but does likely leave a trace of where you have been in the local side DNS server logs. Food for thought.

By: David VT

David VT — Fri, 23 Oct 2009 16:08:26 +0000

Out standing.. THANKS to all!
Using Adito (now part of openVPN) to tunnel to home
Running putty portable to connect to that tunnel
Setting firefox using the “about:config” access to change
network.proxy.socks_remote_dns to TRUE
Running FoxyProxy addin to firefox

Thanks Tex for the wireshark filter, found portable wireshark and just installed it!!
Running IE I see DNS queries, Running firefox with the tunnel I see no DNS queries.

If I enter (in firefox) an internal IP address at home (http://mylamp) for one of my intranet websites, I see the site here at work!

Now if I could just figure out how to do this with my voip phone in the middle east….. :)

By: clnl

clnl — Wed, 08 Apr 2009 17:50:25 +0000

In reference to testing if you are leaking dns, use wireshark. In the filter box, type UDP.port==53 and hit enter. That will filter so only DNS queries show up. If you start browsing and you see DNS queries going out to your normal ISP, then you’ve got trouble. Instead you shouldn’t see them at all.

By: Tex

Tex — Mon, 23 Feb 2009 14:51:53 +0000

This is a great setting in Firefox. Thanks for sharing it !

@ebdb : you can just filter tcpdump on port 53: “tcpdump port 53″

Tex

By: ebdb

ebdb — Tue, 03 Feb 2009 17:53:41 +0000

“does anyone have a proper tcpdump filter to verify that dns requests are going over the ssh tunnel?”

I was wondering the same thing. It’s one thing to set this all up, but how can we verify what data is/isn’t going over the SSH connection? Can someone suggest any tools or techniques to help with that?

Thanks for the post. I appreciate the info.

By: SB

SB — Wed, 07 Jan 2009 18:24:41 +0000

SB here again and I’m bit confused.

You say in A: Squid is handling the DNS. Given that, why would I need to set the 2nd option in about:config, network.proxy.socks_remote_dns = true when I’m not even using socks, I am using an http proxy?

As well, I’ve had another odd problem just start in the last day or two: I had to manually set my DNS for work in WinXP. I could surf, then it stopped serving pages in the browser. It would just say “Waiting for google.ca” and never time out or anything, just nothing. Then it worked for a while, now today it stopped. I set my DNS back to auto obtain and it works now.
SB, thoroughly confused.

By: dingo

dingo — Wed, 08 Oct 2008 14:32:37 +0000

does anyone have a proper tcpdump filter to verify that dns requests are going over the ssh tunnel?

just to verify that there are no leaks…

By: ian

ian — Thu, 25 Sep 2008 00:51:02 +0000

oh. my. this totally just saved me. thank you a million times for pointing this out, now firefox is working great over my netshare connection ;D

By: KC

KC — Mon, 03 Dec 2007 20:00:50 +0000

(In response to SB’s post above)

Answer to Question A: In this situation, Squid is performing the DNS lookups for you. Your computer would resolve ‘localhost’ without a DNS lookup, data for your HTTP traffic is sent over the port forwarding tunnel created by SSH and Squid will attempt to fulfill your HTTP requests by performing its own DNS lookups originating from its location.

Answer to Question B: Both methods accomplish the same amount of encryption and “hiding”, assuming you’ve configured Firefox like the article says (by going to about:config). With Squid, you would have an added layer of caching which may or may not be useful. In an asymmetric Internet connection like consumer-grade cable or DSL, the caching is of no practical use because download bandwidth is so much more than upload bandwidth.

By: SB

SB — Tue, 27 Nov 2007 19:05:40 +0000

I’ve been using IPCop and its SSH and Squid to surf through. I am not picking up and DNS ‘leaks’ with a packet sniffer either. However, I would like to know if you could tell me:
A: When my port forwarded traffic goes to localhost:9999 then gets forwarded through the shell to Squid on port 800, does Squid not handle all the DNS?
B: if I use -D in my plink.exe batch file, I am able to use Socks in FF, but otherwise, I’m using an http proxy. Is one method preferred over another?

My overall concern is unfiltered access to sites I need but also privacy. I don’t want anyone snooping on my DNS.

I’m looking at IronKey and other Tor on a stick ideas and am wondering if you have any other suggestions. I’d like to be anonymous, so my ISP isn’t watching all I do either. Thanks.

By: Oppressed

Oppressed — Thu, 12 Jul 2007 01:56:14 +0000

Thank you, thank you. This is awesome. This is also necessary in oppressive nations where they fiddle with DNS servers to block certain content (that is, using SSH SOCKS with local DNS is useless because the DNS lookup itself cannot be trusted). I’m not going to say where this is, but let’s just say they are hosting the 2008 Olympics.