DISCLAIMER: This has been written for educational purposes only. Please be aware and understand the risks of port-forwarding on home routers.

I’ve recently been traveling around different countries, and found myself needing a daily dose of entertainment. However, services such as Netflix, BBC iPlayer, etc. employ geo-fencing techniques that restrict users to watching shows only from within their country of residence.

Several articles have been written about bypassing these with paid VPNs, and there are even GitHub projects dedicated to routing through VPNs on custom router firmware. However, Netflix and other streaming services are blocking more and more VPN IPs, making this harder and harder.

This article will discuss how to set up a simple SSH SOCKS proxy tunnel from your home network, so you can comfortably watch any service seemingly from your home (and not the country you are gallivanting about in).

Requirements:

A machine at home to proxy out of (Linux or Mac for easy mode)

A laptop to watch the services on (Linux or Mac for easy mode)

Administrative access to your router at home for port forwarding

Setup:

The first thing to do at home, before you go traveling, is to ensure that you have SSH running and can access it remotely from outside your home network. On the machine at home (Linux), ensure SSH is installed and running by typing the command:

sudo apt-get install ssh

Once that’s installed, the service should be enabled by default. On Mac, you can do this by enabling Remote Login.

On Windows, it’s slightly more complicated; you can follow these steps to install SSH on Windows.

Once SSH is up and running on the home machine, make a note of your public IP so you can reach it later on your travels. This can be done by visiting a site such as ipchicken.com or by running a simple terminal command such as:

wget -qO- ipecho.net/plain

Make a note of the IP, as you will need it later when connecting.

Enabling Port Forwarding:

Typically, most home routers will not have port-forwarding enabled, and will not allow remote connections inbound. Many articles are out there on how to forward ports from your router – each router will be different, but the following guideline should help:

Log in to your router.

Navigate to your router’s port forwarding or networking section

Create the port forward entries to map port 22 to the machine you have just enabled SSH on

Save the configuration

You should just be able to Google your router and port forwarding if you are having difficulties, for example: How to port forward on Netgear router.

If everything has gone smoothly so far, you should have a home machine with SSH running, its IP address to connect to later on, and port-forwarding enabled on your router so you can access the machine remotely. You can now head out on your travels!

Connecting Remotely:

Once you’re all set up, it’s time to start the SSH tunnel. With the laptop, go ahead and create an SSH SOCKS proxy tunnel with the following command (both Linux and Mac):

ssh -D 1337 -C user@ip_address

Replace ‘user’ with your username on the machine at home, and replace ‘ip_address’ with the IP address you made a note of in the earlier steps. Reproducing this on Windows can be a little more complicated; you can follow the instructions here.

If all goes to plan, you should be prompted for your user’s password, which you should enter. Once done, your tunnel is all set; we just need to make sure that the browser you are using to watch the services utilizes the tunnel.

In Chrome, go to the chrome://settings/ screen and click through to Advanced Settings. Find the Proxy Settings.

In Firefox, go to Preferences > Advanced > Network and find the Connection settings.

Ensure that you put in the relevant proxy settings (the host should be localhost, or 127.0.0.1, and the port should be 1337 as per the previous command). That should now be sufficient to load up Netflix, iPlayer, or similar, and watch the shows as though you are sitting at home!

Security Reminders:

Opening SSH to the world will likely result in brute-force attacks. Reduce the risk by:

Changing the default port from 22 to something else

Ensuring you are using a strong password

Considering a change to key-based authentication on SSH

Employing anti-brute-force techniques such as Fail2Ban
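
The port and authentication reminders above can be checked against the home machine's sshd_config before you leave. The script below is an added example, not part of the original article: the function names, the two sample configs and port 2222 are constructed, and it reads only "Keyword value" lines of a single file (on the real host, running sshd -T as root prints the effective settings).

```shell
#!/bin/sh
# Added example: audit sshd_config text against the reminders above.
# Reads "Keyword value" lines of one file; Include files are not followed.

# first_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and settings under a Match line apply only conditionally.
first_value() {
    awk -v key="$2" -v dflt="$3" '
        /^[ \t]*#/ || NF == 0       { next }   # comment or blank line
        tolower($1) == "match"      { exit }   # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# audit_sshd FILE: print one line per finding (no output means no findings).
audit_sshd() {
    # Port may be repeated and sshd listens on every one, so check them all.
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    for p in ${ports:-22}; do
        if [ "$p" = 22 ]; then echo "port: sshd listens on default port 22"; fi
    done
    if [ "$(first_value "$1" PasswordAuthentication yes)" != no ]; then
        echo "auth: password logins are enabled"
    fi
    if [ "$(first_value "$1" PubkeyAuthentication yes)" != yes ]; then
        echo "auth: key-based authentication is disabled"
    fi
}

# Constructed sample 1: "no" was appended at the bottom, but the earlier
# "yes" wins, so password logins stay enabled; the Port line is commented out.
sample_weak=$(mktemp)
printf '%s\n' '#Port 22' 'PasswordAuthentication yes' \
    'PubkeyAuthentication yes' 'passwordauthentication no' > "$sample_weak"

# Constructed sample 2: non-default port (2222 is arbitrary), keys only.
sample_hard=$(mktemp)
printf '%s\n' 'Port 2222' 'PasswordAuthentication no' \
    'PubkeyAuthentication yes' > "$sample_hard"
trap 'rm -f "$sample_weak" "$sample_hard"' EXIT

echo "== weak sample ==";     audit_sshd "$sample_weak"
echo "== hardened sample =="; audit_sshd "$sample_hard"
```

The first sample shows a common mistake: appending PasswordAuthentication no at the end of the file has no effect when an earlier line already set it to yes.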

This technique can also be used to bypass content filters, and has already been described in the following article: https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/

Happy Netflixing!