Access US Only Websites from Outside the USA with a SOCKS Proxy & SSH Tunnel
A wide variety of websites and online services are region restricted to the USA: Hulu, Netflix, Pandora, annual credit reports, some banks, the list is significant. Region restrictions are generally something you don’t notice until you need to access a website from outside the USA, and then they’re a huge pain. We’ll show you how to get around region restrictions securely by using a SOCKS proxy and SSH tunnel.
Before getting started, you’ll need the following to set up a socks proxy for this purpose:
- A US-based web hosting or shell provider that allows SSH access, including a username and the remote machines IP
- Basic understanding and comfort with the command line
This walkthrough is aimed at Mac OS X, but you should be able to configure things much the same with iOS, Android, and Windows too.
How to Set up an SSH Tunnel and SOCKS Proxy in Mac OS X
Assuming you have a US host squared away, let’s begin:
- Go to the Applications folder, then to Utilities, then launch the Terminal and use the following syntax to set up the SOCKS proxy:
- For example, if your username is AJ and the remote host IP is 75.75.75.75, and you want to setup a proxy on port 2012, the syntax would be:
- Login as usual and maintain the shell connection for as long as you intend to use the proxy, if you’re concerned about remote host timeouts just ping localhost or another ip
- Now go to the Apple menu and open “System Preferences”
- Click on “Network” and then click on “Advanced” in the lower right corner
- Click on the “Proxies” tab and click the checkbox next to “SOCKS Proxy” from the protocol menu
- Fill in the SOCKS Proxy server as 127.0.0.1 and provide the port from earlier, in this case 2012
- Click “OK”
ssh -D port_number user@remote_host_ip
ssh -D 2012 AJ@75.75.75.75
Now launch a web browser and double-check the external IP address of the Mac to confirm with a website like whatismyip.org, or by running the following at the command line:
curl ipecho.net/plain ; echo
You can also use whatismyip, which seems to change their service but sometimes works:
curl whatismyip.org
Your IP should now register as the remote US-based host you tunneling through, and you are free to view US region restricted content. If you aren’t sure what the IP region registers as, do an nslookup on it like this:
nslookup (ip address)
Using one of the localizer services on the web can work too, they get a rough location based upon ip address detected and that can also determine if you’re actually using the proxy or not.
Side note: in some cases, specifically with websites that redirect based on region, you just need to find the proper URL and you don’t need to tunnel at all. A very useful example is stopping Google.com redirecting to another region by using their NCR site, but there are other search engines and websites that have similar alternate URLs.
Anchorfree’s Expat Shield has free and low cost version
Now I just need a way to trick BBC.co.uk into letting an American watch Dr. Who from their website.
Use a UK shell provider instead and the idea is the same
Terminal and iTerm has no proxy support.
How you get the right external ip with the curl command?
I’m not being sarcastic when I say that I’ve known about this for at least 15 years …but it does little good without a solid shell provider. Any recommendations?
Why bother modifying system preferences when you can set individual browsers to use the proxy?
FIREFOX: about:config
CHROME: chrome://settings/browser
Set the socks proxy & port, whole thing stays just in that browser rather than system wide.
Use -f to send it into the background, and -N for added security:
ssh -f user@remote-ip -L 1080:remote-ip:80 -N
That way you are also sending the local port to remote port with full encryption. PS: 1080 is a standard proxy port.