ssh tunnel and change IP

I create my tunnel on my laptop via:

ssh -p 22 -CfND 7777 mohsen@myserver

After I input my password, the connection is established.
Via SOCKS5 in Firefox I use 127.0.0.1:7777, and I can browse many filtered sites.
But Google or some sites understand that I use a tunnel. How can I configure my ssh server to tell Google or another site that I am not fake?

Asked By: PersianGulf

||

It’s not about the SSH server but about the SOCKS5 client: Firefox.

When Firefox performs the DNS lookup, any DNS server (such as Google’s) able to do geolocalization through DNS will issue a DNS answer tailored for the client’s (or its NAT router’s …) actual IP address, not for the SOCKS5 server’s IP address. Also, if the client is set to use a recursive DNS server (e.g. the ISP’s) that performs filtering at the DNS level, this DNS server might directly filter the request without letting the client receive the actual address that the final DNS server would have provided.

By default Firefox will continue to perform its own DNS resolution whether using a SOCKS5 proxy or not, or at least that’s the default for Firefox 115 ESR where false appears as the default (not bold) and true as a changed parameter (bold) for network.proxy.socks_remote_dns.

The documentation about network.proxy.socks_remote_dns says:

Background

This preference controls whether DNS lookups for SOCKS v5 clients happen on the client or on the proxy server.

Possible values and their effects

true

Have the proxy server perform DNS lookups.

false

Perform DNS lookups on the client.

So

  • go to Firefox’s settings in advanced configuration preferences (reachable with the special Firefox URL about:config without anything else)

  • input in the parameter search network.proxy.socks_remote_dns

  • toggle it from false to true

Because the OpenSSH SOCKS5 implementation supports only TCP and not UDP, one should also verify (tcpdump on client system) or ensure (firewalling on client system) that the client (Firefox, Chromium etc.) won’t use QUIC or HTTP/3 over UDP without the SOCKS5 proxy if UDP SOCKS5 attempts fail and thus "leak" the actual position, though I doubt this would happen.

Answered By: A.B