How to chain SOCKS proxies?

Question

I have a working socks proxy from my laptop (machine A) to machine B:

[A]$ ssh -ND 8888 B

I can set up firefox to use socks proxy on the local port 8888, and browsing works. So far so good.

But I also have a socks proxy between machines B and C:

[B]$ ssh -ND 8157 C

So I can browse on B as if I were on C.

Is there a way to chain the two proxies so that I'm able to use firefox locally (on A) while using the connection to C? That is, somehow forward all firefox's socks requests all the way from A to C. A and C cannot see each other directly, but I have full root ssh access everywhere. All machines are Debian.

Note that I don't want to forward a single port (like 80), I want a full chained socks proxy.

Answer 1

on machine B set up the dynamic proxy to machine C

ssh -ND 8888 user@C

then on machine A

ssh -L 8888:localhost:8888 user@B

This makes the SOCKS connection on Machine B and makes machine B's port 8888 connect-able from localhost port 8888 on machine A.

This may need 3 ssh connections open if you can not directly connect to machine B. If you can connect to machine B you only need 2 and can actually chain the commands if needed.

Answer 2

These are the two solutions I use.

Public SOCKS proxy Start SOCKS proxy on a public port on machine B

[machineB]$ ssh -ND <public_ip>:8080 user@machineC

or, do it from machine A (two hops)

[machineA]$ ssh user@machineB ssh -ND <machine_b_public_ip>:8080 user@machineC

Then set your browser proxy to on port 8080

Note: Make sure port 8080 is open on machine B's firewall

Tunnelled Proxy Tunnel a localhost SOCKS proxy from Machine B to Machine A

Separate commands:

[machineB]$ ssh -ND 8080 user@machineC
[machineA]$ ssh -L 8080:localhost:8080 user@machineB

or do it in a single shot:

  [machineA]$ ssh -L 8080:localhost:8080 user@machineB ssh -ND 8080 user@machineC

Now set your browser proxy to localhost on port 8080