Use SSH Dynamic Port Forwarding to Bypass Great Firewall Of China

Dynamic port forwarding can be used to bypass the Great Firewall of China or any other firewall or Internet filtering system. In this tutorial, we are going to look at using two SSH clients, the OpenSSH client and PuTTY, to create a secure SSH tunnel with dynamic port forwarding.

To follow this tutorial, you will need to have your own Linux server with the OpenSSH server daemon running. You can rent a good VPS from Digital Ocean for $5/month.

Let’s start with the OpenSSH SSH client.

Dynamic Port Forwarding with the OpenSSH SSH Client

The OpenSSH SSH client is shipped with almost every Linux distribution. The following command will connect you to the remote SSH server and at the same time enable dynamic port forwarding.

ssh -D port-number user@server-ip

If you have a user john on the remote SSH server, then you can run:

ssh -D 1080 john@server-ip

Enter the password for user john. The -D option enables dynamic port forwarding. 1080 is a common port. You can also use another port, such as 8080.

After you run this command, a secure SSH tunnel with dynamic port forwarding will be established between your Linux PC and your SSH server. The ssh client will be listening on local port 1080, acting as a local SOCKS proxy server. You can check this with:

sudo netstat -lnpt
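
The netstat check is also the place to confirm that the proxy listens only on the loopback address, because a listener bound to all interfaces can be used by any host on the local network. The shell function below is an added example, not part of the original tutorial; the function name socks_listener_scope and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): classify the bind address of
# the SOCKS listener from `netstat -lnpt` or `ss -lnt` output read on stdin.
# Prints "loopback", "exposed" or "absent"; returns 0 only for "loopback".
socks_listener_scope() {
    awk -v port="$1" '
        {
            # Column 4 is the local address in both netstat and ss output.
            n = split($4, parts, ":")
            if (n < 2 || parts[n] != port) next
            found = 1
            # Everything before the last colon is the bind address.
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host !~ /^127\./ && host != "::1" && host != "[::1]") exposed = 1
        }
        END {
            if (!found)  { print "absent";  exit 2 }
            if (exposed) { print "exposed"; exit 1 }
            print "loopback"
        }'
}

# Constructed sample: default `ssh -D 1080`, bound to loopback only.
SAMPLE_SAFE='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 127.0.0.1:1080   0.0.0.0:*        LISTEN  2345/ssh
tcp6       0      0 ::1:1080         :::*             LISTEN  2345/ssh
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  801/sshd'

# Constructed sample: listener bound to all interfaces (for example after
# `ssh -D 0.0.0.0:1080`), reachable by every host on the local network.
SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:1080     0.0.0.0:*        LISTEN  2345/ssh
tcp6       0      0 :::1080          :::*             LISTEN  2345/ssh'

printf '%s\n' "$SAMPLE_SAFE"    | socks_listener_scope 1080 || true   # loopback
printf '%s\n' "$SAMPLE_EXPOSED" | socks_listener_scope 1080 || true   # exposed
```

On a live system, pipe the real output into the function: sudo netstat -lnpt | socks_listener_scope 1080.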

Directing Browser Traffic Through the SSH Tunnel

Now in your Firefox browser, go to Preferences > Advanced > Network > Settings.

Select Manual proxy configuration. Enter 127.0.0.1 in the SOCKS Host field and 1080 as the port number. Check SOCKS v5 and Remote DNS. Hit the OK button.

If you don’t check Remote DNS, your DNS traffic will not be tunneled.

Now visit a website that shows your public IP address. You will find that it is the SSH server’s IP. You have successfully bypassed the firewall and can freely browse the Internet.

In fact, all programs with SOCKS proxy support can use this SSH tunnel to hide the real IP address.

If you are on a slow network, compression can be enabled with the -C option to speed up the connection:

ssh -C -D 1080 john@server-ip

Dynamic Port Forwarding with PuTTY SSH Client

The PuTTY SSH client also supports dynamic port forwarding. On Debian/Ubuntu, PuTTY can be installed with:

sudo apt-get install putty

Open the PuTTY SSH client and select SSH > Tunnels on the left pane. Then on the right pane, enter the source port, such as 1080. Select Dynamic as the type of port forwarding and click the Add button.

Then click Session on the left pane and enter your server’s IP in the Host name field. In the Saved Sessions field, enter a name for this session, like DPF (dynamic port forwarding), and click the Save button.

Then enter your username and password to connect to the SSH server. An SSH tunnel with dynamic port forwarding will be created, and PuTTY will be listening on the local source port, acting as a local SOCKS proxy server. Check the listening ports on your computer with the netstat command:

sudo netstat -lnpt

Now all you need to do is direct your browser’s traffic through this SSH tunnel.

All traffic in the SSH tunnel is encrypted between your computer and the SSH server. If you are using insecure public Wi-Fi, you may consider using SSH dynamic port forwarding to protect the traffic you send through the proxy.

Note that the SOCKS proxy will stop working when the SSH session ends.
