Safe(r) public WiFi browsing under Linux
Written by HE PingPing. Posted on: 11.11.2008 at 10:46am. Section: Tutorials

Public WiFi access abounds. 'Free WiFi', 'Internet Hot-Spot' and other slogans offer tempting but 'naked' internet access. This tutorial will show you how to use two freely available open source applications - Mozilla Firefox ('Firefox') and OpenSSH ('SSH') - to make your wireless browsing more secure so that you don't have to 'take your clothes off', so to speak, the next time you're at Starbuck's.
To do this you'll need your home network to be either on a static IP or getting its IP dynamically using DHCP. If you have the latter (the most common situation) then you'll need a dynamic DNS account - from someone such as www.no-ip.com - that is already set up and working. This tutorial does not show you how to set one up, so you'll need to organise that first if your home network's IP is allocated dynamically by your ISP.
You'll also need to have the ssh daemon running on your home server and to have configured your firewall so that external SSH connections are allowed in to your home network. This is relatively easy to do and there are numerous tutorials on the internet that will show you how to do it for your particular distribution of Linux.
If you have a static IP, add the following entry to the end of your ~/.bashrc file:
alias sshtunnel="ssh -ND 4711 -v user@111.222.333.444"
Here 'user' is a non-privileged user on your home server and '111.222.333.444' is the static IP address of your home network. If you're using DHCP + dynamic DNS then substitute the host name of your dynamic DNS account, e.g.:
alias sshtunnel="ssh -ND 4711 -v user@myaccount.no-ip.com"
You'll now need to log out of your laptop and log back in for the above alias to take effect.
Those of you familiar with SSH will know that '-ND 4711' tells SSH to listen on port 4711 on the local machine (i.e. your laptop) and act as a SOCKS proxy there, without running any command on the remote side (-N). Whenever a connection is made to this port (e.g. a connection from Firefox), it is forwarded over the secure (encrypted) ssh channel to user@111.222.333.444; Firefox, speaking SOCKS to that port, tells SSH which host and port it wants (e.g. port 80 for http, the HyperText Transfer Protocol), and the remote machine (i.e. your home server) makes that connection on its behalf. The http request therefore leaves your home server for port 80 on the web site (unless, of course, the site uses a different port), just as if you were sitting at home in front of your desktop PC browsing the internet. The response from the http server (i.e. the web site you want to browse) comes back over the internet to your home server and is then sent back to your laptop through the secure (encrypted) ssh tunnel, where Firefox renders it on your laptop's screen. This is an example of using ssh 'port forwarding' to create a lightweight form of what is also known as a 'virtual private network (VPN)'.
Please note that I chose port '4711' in this example purely for illustration. You can choose whatever valid port number you like provided it's not between 0 and 1025, as ports 1-1024 are reserved for system use and require root (i.e. privileged) access. If you do change this number, remember to change it in the Firefox configuration listed below.
Now you need to configure your laptop's Firefox network settings (Edit > Preferences > Advanced > Network (tab) > Settings) so that all of Firefox's sessions are forwarded to port 4711. Once there, click on the 'Manual proxy configuration' radio button to enable it and enter the following information in the relevant fields:
SOCKS Host: localhost
Port: 4711
(Click on the SOCKS v5 radio button)
No Proxy for: localhost, 127.0.0.1
Here, you are telling Firefox to send all of its connections to the SOCKS proxy on port 4711 instead of connecting directly to each site's default port (e.g. http uses port 80, ftp uses port 21, smtp uses port 25, IRC uses port 194, etc.). Note that, after doing this, you won't be able to use Firefox until you establish the ssh tunnel. If, at any time, you decide you don't want Firefox to browse through an ssh tunnel, just click on the 'Use system proxy settings' radio button instead.
Now that we've set things up it's just a simple case of:
1. opening a terminal and typing sshtunnel
2. opening Firefox and browsing the web
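The whole procedure above, from the port check through the ssh command to the Firefox settings, wrapped in a small script. This is an added example and not part of the original tutorial: 'user' and 'home.example.org' are placeholders for your own account and home host name, and the script assumes the ss utility is installed for the listener check. Compared with the plain alias, it binds the SOCKS listener to 127.0.0.1 so nothing else on the coffee-shop network can reach it, makes ssh give up if the forward cannot be set up, and writes the Firefox preferences in user.js form including network.proxy.socks_remote_dns, so that DNS lookups go through the tunnel too rather than out in the clear over the WiFi.

```shell
#!/bin/sh
# Added example (not from the original tutorial): a safer 'sshtunnel' script.
# Placeholders: 'user' and 'home.example.org' stand for your own account and
# home host name (static IP or dynamic DNS name).

# A SOCKS port must be numeric and above the privileged range (the tutorial
# says anything above 1024); anything else is rejected.
validate_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    if [ "$1" -ge 1025 ] && [ "$1" -le 65535 ]; then
        return 0
    fi
    return 1
}

# Print the ssh command line for the tunnel. -D is bound to 127.0.0.1
# explicitly so only your laptop can use the proxy; ExitOnForwardFailure makes
# ssh quit instead of silently running without the forward; ServerAliveInterval
# keeps an idle tunnel from being dropped by the hot-spot's NAT.
build_ssh_cmd() {
    user="$1"; host="$2"; port="$3"
    validate_port "$port" || return 1
    printf 'ssh -N -D 127.0.0.1:%s -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 %s@%s\n' \
        "$port" "$user" "$host"
}

# Firefox preferences equivalent to the tutorial's manual proxy settings, in
# user.js form. socks_remote_dns makes Firefox resolve host names through the
# tunnel; without it DNS queries still leave the laptop unencrypted.
firefox_prefs() {
    port="$1"
    validate_port "$port" || return 1
    printf 'user_pref("network.proxy.type", 1);\n'
    printf 'user_pref("network.proxy.socks", "localhost");\n'
    printf 'user_pref("network.proxy.socks_port", %s);\n' "$port"
    printf 'user_pref("network.proxy.socks_version", 5);\n'
    printf 'user_pref("network.proxy.socks_remote_dns", true);\n'
    printf 'user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");\n'
}

# Start the tunnel in the background and confirm the local listener exists
# before you open Firefox.
start_tunnel() {
    user="$1"; host="$2"; port="$3"
    cmd=$(build_ssh_cmd "$user" "$host" "$port") || { echo "bad port: $port" >&2; return 1; }
    # -f backgrounds ssh only after authentication has succeeded
    $cmd -f || return 1
    sleep 1
    if ss -ltn 2>/dev/null | grep -q "127.0.0.1:$port "; then
        echo "SOCKS tunnel listening on 127.0.0.1:$port"
    else
        echo "tunnel did not come up" >&2
        return 1
    fi
}

# Usage: ./sshtunnel.sh user home.example.org 4711
# (then: ./sshtunnel.sh-style 'firefox_prefs 4711 >> ~/.mozilla/firefox/<profile>/user.js')
if [ "$#" -eq 3 ]; then
    start_tunnel "$@"
fi
```

Run it with your user name, home host and chosen port; append the output of firefox_prefs to the user.js in your Firefox profile directory (Firefox reads user.js at start-up) if you prefer that to clicking through the preferences dialog. The listener check only proves the local socket exists; the real test that your traffic is leaving via home is to visit a what-is-my-IP site and see your home address rather than the hot-spot's.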
Simple and secure. Of course, there's a lot more you can do with ssh port forwarding and this is just one practical illustration of the power of open source.