ssh does SOCKS proxies, which is great if you're at a coffeeshop and don't want your web traffic going untunnelled over their network. To use it, you might make a command called socksproxy_to with:
#!/bin/sh
ssh -D 8080 -Nf $*
echo "Configure your browser to use a sock proxy on localhost port 8080"
and invoke that when you like as:
- socksproxy_to my.trusted.server
I think I've said that before. Recently, I discovered 3proxy, a fairly popular zero-configuration (no futzing with config files) http, ftp, and socks proxy. This is useful for slightly different network challenges, e.g. you're on a private network where you can't directly address the outside world but you have a shell account on a box that can (or alternatively if you want to dodge location-aware network service offerings and have a box in or outside of the relevant countries *cough* BBC *cough*). Just like ssh, you don't need root anywhere.
This is also useful if you need an app proxied that doesn't understand SOCKS (which is sad, but it happens - example: the "yum" package manager).
If you have 3proxy installed on your intermediary system, starting a HTTP proxy on port 9000 looks like this:
- proxy -p9000
Pretty simple. If you want to be slightly more secure, you can tell it what IP addresses it should listen on if you're using this to hop from a nonroutable non-NAT network to its routable one using a -iINTERNAL_IP flag.
This is simple enough that it merits the term K-Rad (although given all the years it's been since I used it, I wonder if those darned metric-weenies have gotten around to redefining the K there as being 1000 instead of 1024 like it should be).
A systems geek is a lot like Felix the Cat - with a well-stocked bag of tricks.
