
Another lesser known tunneling trick is that SSH will happily act as a SOCKS5 Proxy. I've been using this trick for going on 20 years now.

Just do: ssh -D9090 user@remote

Then, in Firefox, set it to use a SOCKS5 proxy of localhost:9090 and "Proxy DNS when using SOCKS v5".

Now, when you use Firefox it is as if you are using Firefox on the machine you are SSH'd into (including DNS resolution!). This is really handy for things like accessing otherwise unreachable resources or other internal resources externally. I use it for accessing iDRAC/IPMI/ESXi (you can also tell Java to use the proxy so VMRC works as well). It is also handy to be able to put all your web traffic as originating from a remote VPS with no advanced setup required.
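As an added illustration of what the "Proxy DNS when using SOCKS v5" checkbox changes on the wire (example code written for this thread, not from the comment above and not OpenSSH's own code): the SOCKS5 CONNECT request a browser sends to the listener that ssh -D9090 opens carries either a hostname (address type 3, so the remote sshd resolves it) or an already-resolved IP (address type 1 or 4, meaning the lookup went to the local resolver). The hostnames and addresses below are made up.

```python
import ipaddress
import struct

# Added example, not OpenSSH code: the SOCKS5 messages (RFC 1928) a client
# sends to the listener that `ssh -D9090 user@remote` opens on localhost:9090.
SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
ATYP_NAMES = {ATYP_IPV4: "ipv4", ATYP_DOMAIN: "domain", ATYP_IPV6: "ipv6"}


def client_greeting() -> bytes:
    """Version 5, one method offered, 0x00 = no authentication.

    That is the only method the ssh -D listener accepts, which is why the
    listener should stay bound to loopback rather than 0.0.0.0."""
    return bytes([SOCKS_VERSION, 0x01, 0x00])


def connect_request(target: str, port: int) -> bytes:
    """Encode a CONNECT to target:port.

    An IP literal is sent as ATYP 1 (IPv4) or 4 (IPv6). Anything else is sent
    as ATYP 3, the hostname itself, so the proxy end (sshd on the remote host)
    does the DNS lookup. Firefox only does this with "Proxy DNS when using
    SOCKS v5" ticked; otherwise it resolves first and sends the address.
    """
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        name = target.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname length must fit in one byte")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_connect_request(data: bytes) -> tuple:
    """Decode a CONNECT request into (address_type, host, port)."""
    if len(data) < 5 or data[:3] != bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]):
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = data[3]
    if atyp == ATYP_DOMAIN:
        n = data[4]
        host, rest = data[5:5 + n].decode("idna"), data[5 + n:]
    elif atyp == ATYP_IPV4:
        host, rest = str(ipaddress.IPv4Address(data[4:8])), data[8:]
    elif atyp == ATYP_IPV6:
        host, rest = str(ipaddress.IPv6Address(data[4:20])), data[20:]
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(rest) != 2:
        raise ValueError("request is truncated or has trailing bytes")
    return ATYP_NAMES[atyp], host, struct.unpack("!H", rest)[0]


def leaks_dns_locally(request: bytes) -> bool:
    """True when the client resolved the name itself before connecting, i.e. the
    lookup went to the local network's resolver instead of through the tunnel."""
    return parse_connect_request(request)[0] != "domain"


if __name__ == "__main__":
    # Constructed targets: a name (resolved remotely) and a literal (resolved nowhere).
    for req in (connect_request("intranet.example", 443), connect_request("10.0.0.5", 22)):
        print(req.hex(), parse_connect_request(req), "leaks DNS:", leaks_dns_locally(req))
```

The same distinction exists in curl: `curl --socks5-hostname localhost:9090 https://intranet.example/` sends the name through the tunnel, while plain `--socks5` resolves it locally first.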



> Now, when you use Firefox it is as if you are using Firefox on the machine you are SSH'd into (including DNS resolution!).

Don't forget to check the "Proxy DNS when using SOCKS v5" option in Firefox.


I use the SOCKS proxy only for internal websites:

You have to create a local "proxy.pac" file with the following contents:

    function FindProxyForURL(url, host) {
        host = host.toLowerCase();
        if (shExpMatch(host, "*.my-company.com")) {
            return "SOCKS5 127.0.0.1:9090";
        }
        return "DIRECT";
    }

Then set "file:///path/to/proxy.pac" as the auto-config URL in the Firefox proxy settings. Don't forget to enable DNS requests over SOCKS5.

For services which you can't proxy with SOCKS5, you can use LocalForward in your ssh_config:

    # Only when xmpp.my-company.com is NOT reachable directly (the exec test
    # fails, and !exec negates it) forward a loopback address to it.
    # 127.0xcafe1 is inet_aton shorthand for 127.12.175.225.
    Match host your-workstation !exec "nc -vz xmpp.my-company.com 5222 >/dev/null 2>&1 || { echo 'xmpp.my-company.com not reachable, using LocalForward' 1>&2 && exit 1 ; }"
        LocalForward 127.0xcafe1:5222 xmpp.my-company.com:5222

Then add the following line to your /etc/hosts: 127.12.175.225 xmpp.my-company.com
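Two things in that recipe are worth checking before relying on them: which hosts the PAC rule actually sends through the tunnel, and why the LocalForward address and the /etc/hosts entry are the same host. The following is an added example written for this thread (not the commenter's own tooling): a Python rendering of the PAC decision with shExpMatch semantics, and a decoder for the inet_aton(3) shorthand that shows 127.0xcafe1 is 127.12.175.225. The hostnames are the ones from the comment.

```python
import fnmatch

# Added example for this thread, not the commenter's own code.
SOCKS_RULE = "SOCKS5 127.0.0.1:9090"


def sh_exp_match(text: str, pattern: str) -> bool:
    """PAC's shExpMatch(): shell-style globbing with '*' and '?'. It is
    case-sensitive, which is why FindProxyForURL lowercases the host first."""
    return fnmatch.fnmatchcase(text, pattern)


def find_proxy_for_url(url: str, host: str) -> str:
    """Same decision as the proxy.pac above; url is unused, as in the original.

    Note the edge case: "*.my-company.com" needs the dot, so the bare apex
    "my-company.com" goes DIRECT and a lookalike such as
    "my-company.com.example.net" never matches either."""
    host = host.lower()
    if sh_exp_match(host, "*.my-company.com"):
        return SOCKS_RULE
    return "DIRECT"


def _part_value(part: str) -> int:
    # inet_aton accepts decimal, 0x-prefixed hex and leading-zero octal parts.
    if len(part) > 1 and part[0] == "0" and part[1] not in "xX":
        return int(part, 8)
    return int(part, 0)


def legacy_ipv4_to_dotted(text: str) -> str:
    """Expand the a, a.b, a.b.c and a.b.c.d forms of inet_aton(3).

    The last part fills all remaining bytes, so 127.0xcafe1 is 127 followed by
    the 24-bit value 0xcafe1 = 0x0c.0xaf.0xe1 = 12.175.225."""
    parts = [_part_value(p) for p in text.split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError("between one and four parts expected")
    *lead, last = parts
    if any(not 0 <= v <= 255 for v in lead):
        raise ValueError("leading parts must be single octets")
    width = 4 - len(lead)
    if not 0 <= last < 256 ** width:
        raise ValueError("last part does not fit the remaining bytes")
    packed = bytes(lead) + last.to_bytes(width, "big")
    return ".".join(str(b) for b in packed)


def is_loopback(text: str) -> bool:
    """Linux routes all of 127.0.0.0/8 to lo, so each forward can take its
    own loopback address and keep the service's real port number."""
    return legacy_ipv4_to_dotted(text).startswith("127.")


if __name__ == "__main__":
    for h in ("wiki.my-company.com", "my-company.com", "my-company.com.example.net"):
        print(f"{h:30} -> {find_proxy_for_url('https://' + h + '/', h)}")
    print("127.0xcafe1 ->", legacy_ipv4_to_dotted("127.0xcafe1"), "loopback:", is_loopback("127.0xcafe1"))
```

The whole-/8 loopback behaviour is a Linux default; on macOS only 127.0.0.1 is configured on lo0, so an extra address has to be added as an alias before ssh can bind the LocalForward to it.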


I used to do this all the time over port 53.

My closest coffee shop would allow people to access Wi-Fi only if you gave them full access to your Facebook account. DNS was the only port open to the outside world.


> My closest coffee shop would allow people to access Wi-Fi only if you gave them full access to your Facebook account.

What the???


I've seen this on Ubiquiti hardware as an option too. Apparently it requires you to "check in" via Facebook to use it, whatever that means exactly. There is also an option to log in via Facebook without this though.


This was a while back and was particularly nasty. No token, no check-ins, it was an unapologetic man-in-the-middle login prompt.

Terms of service had wording that made mining all data in your Facebook account sound like the intent.


How about no. Or hell no. If I see a request like that it is an immediate disconnect. Might as well have a requirement that they do a full anal cavity sweep before they can sell you a cup of coffee.


Interesting that they permit TCP port 53, rather than just UDP port 53.


RFC 7766: "Recursive server (or forwarder) implementations MUST support TCP so that they do not prevent large responses from a TCP-capable server from reaching its TCP-capable clients."

large responses == some DNSSEC, some IPv6


My guess is that it stems from lax firewall defaults. "Allow port 53 - [tcp/udp/BOTH]?" (Yeah, I know that DNS can also work over 53/tcp, but it's rare compared to the 53/udp volume.)


It's not as rare as it used to be a couple decades ago. If you block tcp/53 you will find a surprising number of things breaking as record sizes have increased over the years.
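The two sides of this subthread (SSH parked on port 53 in the coffee-shop story, and TCP/53 being legitimate DNS that must not be blocked outright) come together in a content check rather than a port block. As an added example written for this thread, not from any commenter: a classifier that looks only at the first bytes a client sends on a TCP/53 connection, separating a framed DNS query (2-byte length prefix plus a 12-byte header with QR=0) from an SSH identification string. The sample flows and addresses are constructed.

```python
import struct

# Added example for this subthread, not from any commenter. Tell a real DNS
# query on TCP/53 apart from an SSH session parked on the same port, using
# only the first client bytes; blocking TCP/53 outright breaks the large
# responses RFC 7766 requires TCP for.


def classify_tcp53_client_bytes(first_bytes: bytes) -> str:
    """Return 'dns-query', 'ssh' or 'other' for the opening client bytes."""
    if first_bytes.startswith(b"SSH-"):
        return "ssh"                      # SSH identification string (RFC 4253)
    if len(first_bytes) < 14:
        return "other"                    # too short for length prefix + DNS header
    (msg_len,) = struct.unpack("!H", first_bytes[:2])
    _ident, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", first_bytes[2:14])
    qr = flags >> 15                      # 0 = query, 1 = response
    opcode = (flags >> 11) & 0xF          # 0 = QUERY, 5 = UPDATE are what clients send
    if msg_len >= 12 and qr == 0 and opcode in (0, 5) and qdcount == 1 and ancount == 0:
        return "dns-query"
    return "other"


def find_non_dns_flows(flows):
    """flows: iterable of (client_ip, first_bytes).

    Returns the (ip, label) pairs a reviewer of TCP/53 logs would want to
    see: clients whose port-53 traffic is not DNS at all."""
    return [(ip, label) for ip, payload in flows
            if (label := classify_tcp53_client_bytes(payload)) != "dns-query"]


def dns_query_over_tcp(name: str, qtype: int = 1) -> bytes:
    """Constructed test input: a standard A query for `name`, TCP-framed."""
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)   # RD set, one question
    msg = header + qname + struct.pack("!HH", qtype, 1)            # QTYPE, QCLASS IN
    return struct.pack("!H", len(msg)) + msg


# Constructed sample: one genuine lookup, one SSH banner, one junk stream.
SAMPLE_FLOWS = [
    ("192.0.2.10", dns_query_over_tcp("www.example.com")),
    ("192.0.2.77", b"SSH-2.0-OpenSSH_9.3\r\n"),
    ("192.0.2.99", b"\x00\x05hello"),
]

if __name__ == "__main__":
    for ip, label in find_non_dns_flows(SAMPLE_FLOWS):
        print(f"{ip}: TCP/53 stream looks like {label}")
```

This is a first-bytes heuristic: it catches a raw SSH session on the port, not a tunnel that speaks well-formed DNS, which is where the "redirect all DNS to my own resolver until authenticated" approach mentioned further down does the work instead.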


I think that is fine actually. However, if I were to implement such a thing I would probably redirect DNS traffic to my DNS server as long as you are not authenticated :)


I have been doing the same thing for a while. It allows me to access all the services we have set up on the intranet in the office. With tmux I move around from machine to machine and keep all the work stuff in the office.

The office is also a large university. Therefore, I have access to many additional library and other subscription services.

It's great as a lot of the office struggled to get a work setup in place. I'm happily the only one who didn't need GoToMyPC. It also helped me save time during this transition by not having to answer my less technical coworkers' questions about getting GoToMyPC set up.


Can I use this to potentially view a pdf on a remote server locally (as an alternative to an X server)? Would it be more efficient?


For those tasks I just use sshfs. I keep a ~/n/${host} directory where I access remote files like they were on my machine.



