Access US Only Websites from Outside the USA with a SOCKS Proxy & SSH Tunnel

Nov 29, 2011 - 7 Comments

Terminal in OS X

A wide variety of websites and online services are region restricted to the USA: Hulu, Netflix, Pandora, annual credit reports, some banks, the list is significant. Region restrictions are generally something you don’t notice until you need to access a website from outside the USA, and then they’re a huge pain. We’ll show you how to get around region restrictions securely by using a SOCKS proxy and SSH tunnel.


Before getting started, you’ll need the following to set up a socks proxy for this purpose:

  • A US-based web hosting or shell provider that allows SSH access, including a username and the remote machines IP
  • Basic understanding and comfort with the command line

This walkthrough is aimed at Mac OS X, but you should be able to configure things much the same with iOS, Android, and Windows too.

How to Set up an SSH Tunnel and SOCKS Proxy in Mac OS X

Assuming you have a US host squared away, let’s begin:

  1. Go to the Applications folder, then to Utilities, then launch the Terminal and use the following syntax to set up the SOCKS proxy:
  2. ssh -D port_number user@remote_host_ip

  3. For example, if your username is AJ and the remote host IP is 75.75.75.75, and you want to setup a proxy on port 2012, the syntax would be:
  4. ssh -D 2012 AJ@75.75.75.75

  5. Login as usual and maintain the shell connection for as long as you intend to use the proxy, if you’re concerned about remote host timeouts just ping localhost or another ip
  6. Now go to the  Apple menu and open “System Preferences”
  7. Click on “Network” and then click on “Advanced” in the lower right corner
  8. Click on the “Proxies” tab and click the checkbox next to “SOCKS Proxy” from the protocol menu
  9. Fill in the SOCKS Proxy server as 127.0.0.1 and provide the port from earlier, in this case 2012
  10. Click “OK”

Setup and use a SOCKS Proxy in Mac OS X

Now launch a web browser and double-check the external IP address of the Mac to confirm with a website like whatismyip.org, or by running the following at the command line:

curl ipecho.net/plain ; echo

You can also use whatismyip, which seems to change their service but sometimes works:

curl whatismyip.org

Your IP should now register as the remote US-based host you tunneling through, and you are free to view US region restricted content. If you aren’t sure what the IP region registers as, do an nslookup on it like this:

nslookup (ip address)

Using one of the localizer services on the web can work too, they get a rough location based upon ip address detected and that can also determine if you’re actually using the proxy or not.

Side note: in some cases, specifically with websites that redirect based on region, you just need to find the proper URL and you don’t need to tunnel at all. A very useful example is stopping Google.com redirecting to another region by using their NCR site, but there are other search engines and websites that have similar alternate URLs.

.

Related articles:

Posted by: AJ in Command Line, Mac OS, Tips & Tricks

7 Comments

» Comments RSS Feed

  1. Kyleandrew says:

    Anchorfree’s Expat Shield has free and low cost version

  2. William says:

    Now I just need a way to trick BBC.co.uk into letting an American watch Dr. Who from their website.

  3. Terminal and iTerm has no proxy support.
    How you get the right external ip with the curl command?

  4. Brad Zimmerman says:

    I’m not being sarcastic when I say that I’ve known about this for at least 15 years …but it does little good without a solid shell provider. Any recommendations?

  5. Scott H says:

    Why bother modifying system preferences when you can set individual browsers to use the proxy?

    FIREFOX: about:config

    CHROME: chrome://settings/browser

    Set the socks proxy & port, whole thing stays just in that browser rather than system wide.

  6. Yuri says:

    Use -f to send it into the background, and -N for added security:

    ssh -f user@remote-ip -L 1080:remote-ip:80 -N

    That way you are also sending the local port to remote port with full encryption. PS: 1080 is a standard proxy port.

Leave a Reply

 

Shop on Amazon.com and help support OSXDaily!

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates

Tips & Tricks

News

iPhone / iPad

Mac

Troubleshooting

Shop on Amazon to help support this site