Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What is the advantage you see of tunnelling X like that over just tunnelling the network connections with ssh -D?


Not all of the web browser traffic goes through the tunnel when you set a proxy in the browser. DNS queries for example do not. Flash programs such as video players also connect directly to the remote website and do not use the proxy. If you don't know those two facts you might be leaking way more information than you want on the local network!


Firefox defaults to not proxying DNS, but if you set "network.proxy.socks_remote_dns" to true in about:config, it will happily do so for SOCKS proxies. If you use FoxyProxy (which is pretty damn useful if you proxy over an SSH tunnel regularly), it has a checkbox that enables or disables it per-proxy.


AFAIK dns queryies can be made to go using proxy (I think its Socks v5 that enables this). I'm using ssh -D and socks v5 setting in my firefox when I need to see website that are blocked by very prohibitive proxy.

Why would flash programs bypass proxy? At my work they wouldn't be able to connect it they weren't using proxy.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: