Say I have a server and client. I need to create connection from client to a website through server like it was proxy.

Is it possible to do this using a SSH tunel, or do I have to install some proxy service to the server?

Jakub Arnold
  • 1,674
  • 10
  • 25
  • 33

8 Answers8


You can do this using ssh

ssh -L 80:remotehost:80 user@myserver

You will have a tunnel from your local port 80 to the remotehost port 80 then. This does not have to be the same as myserver. To make that transparent you should add an entry to the hosts file. If you don't do that vhosts will not work. If you want a SOCKS-proxy connection you could also use

ssh -D 5000 user@myserver

This will create a SOCKS-proxy on localhost port 5000 which routes all requests through myserver.

  • 1,043
  • 10
  • 13
  • 3
    If you need that tunnel to be available from clients outside your box, add the -g option. – mr-euro Oct 26 '09 at 15:35
  • 1
    The command as written didn't work for me. I had to replace the remote host with the loopback like this: ssh -L 80: user@myserver – eficker Jun 24 '14 at 00:37
  • 1
    Would be more usefull if the remote port were diferent from the local one `ssh -L 81:remotehost:80 user@myserver` local port 81 talks as if it was 80 on remote. – Rafareino Jul 19 '16 at 18:14
  • 1
    If you want to add the SOCKS proxy through your ~/.ssh/config, use: ```Host myserver User user DynamicForward 5000``` – bonh Feb 22 '17 at 18:03
  • "To make that transparent you should add an entry to the hosts file" perhaps you could elaborate on this bit? – mallwright May 21 '21 at 18:29
  • And will this work for HTTPS on port 443? – mallwright May 21 '21 at 18:31
  • do i have to run a squid proxy or what should I run on myserver, for it to route it to remotehost ? – indianwebdevil Oct 29 '21 at 06:54

Yes it is possible.

Run ssh -D port user@host and set up your client to use your box as a SOCKS proxy.

If you need a HTTP proxy specifically then you can use Proxychains and route it via the previous SOCKS.

  • 838
  • 3
  • 14
  • 31

sshuttle works like an VPN but over SSH.

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.


  • 23,798
  • 5
  • 54
  • 81
Kasper Grubbe
  • 301
  • 4
  • 9

Putty does this pretty well too.

Under SSH, go to Tunnels. At the bottom, put 8080 in the port, and for destination, leave it blank and select the "Dynamic" radio button. That's all you need to do, now connect to the server using Putty.

Once connected, you have a proxy server running on your localhost at port 8080 which will proxy all requests thru your server.

Now use a web browser and setup the proxy by setting host=localhost and port=8080 and make sure it is a SOCKS proxy that you select. I do this all the time, so if you use Firefox, make sure to install the FoxyProxy plugin since it makes turning the proxy on/off a one click affair.

Caution: Be aware that by default, your DNS requests are not proxied. So the website that you visit via the proxy will still be logged (if they log this stuff). You can set firefox to proxy DNS requests as well, it just doesnt do it by default.

  • 1,844
  • 6
  • 29
  • 42
J Sidhu
  • 440
  • 2
  • 4

To allow a proxy to be run a computer, and allow other clients to connect to you will need the -g option. So for example, you would run this on the server named foo:

ssh -g -ND 9191 root@remotehost

You can then set the proxy in the browser of a client to use server foo and port 9191 for a SOCKS proxy. The clients will send their requests too foo, who in turn will forward the request through ssh to remotehost. So on the internet, it will look like they are using remotehost.

If you want to forward DNS requests as well with firefox, edit the about:config in firefox and set network.proxy.socks_remote_dns to true.

Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444

You can use SSHUTTLE, heres a tutorial on how to use it,


heres a tutorial how to set it up to work as a service,


  • 288
  • 3
  • 7

I experienced some difficulties while trying to forward sockets. Especially in the situation where nginx uses a socket to serve flask based website: Here is my experience:

Socket forwarding could be written like this:

ssh -R /run/temp1.sock:/run/temp2.sock somehost -N

temp1.sock refers to a socket on the remote site. ssh does not accept to use an existing remote socket, but needs to create it. It is created with 600 permission, so after creation, one must make it available to nginx by adding w/r privileges to www-data user.

Andrew Schulman
  • 8,561
  • 21
  • 31
  • 47

Simple tutorial for HTTP tunneling with SSH

I didn't understand the top answers at first glance so I looked for a tutorial. Here's what I learned and achieved.


You are on your client machine, that is any computer you can type commands into. You want to connect to a machine called remotehost, while tunneling your traffic through a machine called proxyhost. You can connect with ssh to proxyhost. remotehost can't be reached from your client, but can be reached from proxyhost.


  1. On your client, run this command:
  2. ssh <local-port>:<remotehost>:<remote-port> <username-on-proxy>@<proxyhost>
    • <local-port> is a free port on your client, like 8000;
    • <remotehost> is the domain name or the ip of the remotehost machine. Note that this domain name or ip can be meaningless or unaccessible for your client. The important part is that is meaningful and accessibile for your proxyhost. *. <remote-port> is the port you want to reach on remotehost, like 80 for http or 443 for https. *. <username-on-proxy>@<proxyhost> is the way you access on proxyhost with ssh and your account on that machine.
  3. At this point you can navigate to localhost:<local-port> and browse/use the remotehost's resources.
  • 1