Script to enable/disable SOCKS proxy on Mac OS X

I’m working in a coffee shop today. I used SSH and SOCKS to browse the Internet securely, but today I decided to take it a step further and automate the process with a shell script. Here’s the script, for what it’s worth:

#!/bin/bash
disable_proxy()
{
        networksetup -setsocksfirewallproxystate Wi-Fi off
        networksetup -setsocksfirewallproxystate Ethernet off
        echo "SOCKS proxy disabled."
}
trap disable_proxy INT

networksetup -setsocksfirewallproxy Wi-Fi 127.0.0.1 9999
networksetup -setsocksfirewallproxy Ethernet 127.0.0.1 9999
networksetup -setsocksfirewallproxystate Wi-Fi on
networksetup -setsocksfirewallproxystate Ethernet on
echo "SOCKS proxy enabled."
echo "Tunneling..."
ssh -ND 9999 MYHOST.macminicolo.net

Instructions:

  1. Save this to a file. I saved it to “/Users/richard/bin/ssh_tunnel”.
  2. Make it executable and run it.
    $ chmod a+x /Users/richard/bin/ssh_tunnel
    $ /Users/richard/bin/ssh_tunnel
    
  3. It creates an SSH tunnel to my dedicated server at macminicolo.net and routes Internet traffic through that server.
  4. Hit Control-C to quit. The proxy is disabled. No need to fiddle with Network Preferences manually.

UPDATE March 18, 2011: I haven’t tried it, but Sidestep appears to be a free Mac OS X app that will enable SSH tunneling automatically when you connect to an insecure network.

13 replies on “Script to enable/disable SOCKS proxy on Mac OS X”

  1. In ML, when you run the scripts you have to enter your password several times (one per networksetup). To avoid this run:

    sudo ./ssh_tunnel.sh

    That’s it

  2. I fought this quite a bit and was able to finally get it to work on Mtn Lion.

    networksetup -setsocksfirewallproxy Ethernet 127.0.0.1 9999 will not work on my machine. After much googling and guessing I found that this works.
    networksetup -setsocksfirewallproxy “Ethernet Adaptor (en0)” 127.0.0.1 9999

    Everywhere it refenced the device Ethernet replace it with “Ethernet Adaptor (en0)”

    I found nothing on the net about it but hope it helps someone else.

  3. Anyone ever get

    channel 17: open failed: administratively prohibited: open failed
    channel 18: open failed: administratively prohibited: open failed
    channel 19: open failed: administratively prohibited: open failed

    errors?

  4. Thx, is was looking for this. However I do not have a lot of experience with scripting. Could you explain why you put in the first 7 lines.
    1. Lines 10-13 enable the SOCKS proxy on your Wi-Fi and Ethernet adapters. Line 8 tells the script to listen for any key press of CTRL-C and then run lines 2-7, which disable the SOCKS proxy on the Wi-Fi and Ethernet adapters.
  5. Thanks for posting this. It was exactly what I needed.

    One important update that you might want to mention is that in Mac OSX Lion, there is no service called ‘Airport’, and so this script will fail. Just replace ‘Airport’ with ‘Wi-Fi’ and it works like a champ.

  6. Regarding your update, I believe Sidestep only works for the AirPort (wireless) interface, which meets most people’s needs, but not if you are connecting by ethernet to an insecure network, or otherwise desire tunneling when cabled.

Comments are closed.