Dynamic Port Forwarding (SOCKS5 Proxy)
Dynamic port forwarding (SSH -D flag) creates a SOCKS5 proxy server on your local machine, allowing you to route ALL your internet traffic through an encrypted SSH tunnel.
What is Dynamic Port Forwarding?
Simple Explanation: Instead of forwarding one specific port (like MySQL or web server), dynamic forwarding creates a SOCKS5 proxy that can forward ANY traffic to ANY destination through the SSH tunnel. It's like a personal VPN!
Flow:
Your Browser → SOCKS5 Proxy (localhost:1080) → SSH Tunnel → Remote Server → Internet
Example:
Chrome → localhost:1080 (SOCKS5) → SSH → Server → Browse any website
All your browser traffic is encrypted and appears to come from the remote server!
Why Use Dynamic Port Forwarding?
Security & Privacy
✅ Encrypted Traffic - All data encrypted through SSH
✅ Hide Your IP - Traffic appears from remote server
✅ Bypass Censorship - Access blocked content
✅ Public WiFi Security - Protect on untrusted networks
Common Use Cases
-
Secure Browsing
- Public WiFi protection
- Coffee shops, airports
- Hotel networks
- Untrusted networks
-
Privacy & Anonymity
- Hide real IP address
- Browse anonymously
- Mask location
- Avoid tracking
-
Access Restrictions
- Bypass geo-blocks
- Access region-locked content
- Circumvent network restrictions
- Access internal resources
-
Development & Testing
- Test from different locations
- Verify geo-restrictions
- Test CDN behavior
- Debug location-based features
Creating Dynamic Port Forwarding
From Port Forwarding Panel
- Open Port Forwarding in sidebar
- Click "New Tunnel"
- Select "Dynamic" type
- Fill in configuration:
┌──────────────────────────────────────────────┐
│ New Port Forwarding Tunnel │
├──────────────────────────────────────────────┤
│ Name: * │
│ [SOCKS5 Proxy - Secure Browsing ] │
│ │
│ Connection: * │
│ [VPN Server ▼] │
│ │
│ Type: * │
│ [ ] Local [ ] Remote [●] Dynamic │
│ │
│ ─── SOCKS5 Configuration ─── │
│ Local Port: * │
│ [1080 ] │
│ │
│ Bind Address: │
│ [127.0.0.1 ] ← Only localhost │
│ │
│ ─── Options ─── │
│ [✓] Auto-start with connection │
│ [ ] Start immediately │
│ │
│ Description: │
│ [Secure browsing through VPS ] │
│ │
│ [Cancel] [Create Tunnel] │
└──────────────────────────────────────────────┘
- Click "Create Tunnel"
- Click "Start" to activate
Understanding Configuration
Name
Descriptive name for the proxy:
✓ "SOCKS5 Proxy - Secure Browsing"
✓ "VPN Proxy - Public WiFi"
✓ "Development Proxy - Testing"
✗ "Dynamic Forward"
✗ "Proxy 1"
Local Port
Port where SOCKS5 proxy listens on your computer:
Common Ports:
1080- Traditional SOCKS port (recommended)1081- Alternate SOCKS port9050- Tor default (avoid conflict)8080- HTTP proxy alternative
Important:
- Must be available
- Ports < 1024 require admin/root
- Standard is 1080
Bind Address
Which interface to bind proxy:
Options:
127.0.0.1 (localhost) - Recommended
✓ Only you can use proxy
✓ Secure - no network exposure
✓ Best for personal use
0.0.0.0 (all interfaces) - Risky
⚠ Anyone on network can use your proxy
⚠ Your traffic/IP used by others
⚠ Security risk
⚠ Only for specific setups
Configuring Applications
Web Browsers
Google Chrome / Chromium
Method 1: System Proxy (macOS/Windows)
Settings → System → Open proxy settings
→ SOCKS Proxy: localhost
→ Port: 1080
Method 2: Chrome Extension
- Install "Proxy SwitchyOmega"
- New Profile → SOCKS5
- Server: localhost
- Port: 1080
Method 3: Command Line
# macOS/Linux
google-chrome --proxy-server="socks5://localhost:1080"
# Windows
chrome.exe --proxy-server="socks5://localhost:1080"
Mozilla Firefox
Settings → Network Settings
1. Click "Settings..."
2. Select "Manual proxy configuration"
3. SOCKS Host: localhost
4. Port: 1080
5. Select "SOCKS v5"
6. Check "Proxy DNS when using SOCKS v5"
7. Click "OK"
Important: Enable "Proxy DNS" to prevent DNS leaks!
Safari (macOS)
1. System Preferences → Network
2. Select your connection (WiFi/Ethernet)
3. Click "Advanced..."
4. Go to "Proxies" tab
5. Check "SOCKS Proxy"
6. Server: localhost:1080
7. Click "OK" → "Apply"
Microsoft Edge
Uses system proxy settings:
Settings → System and performance
→ Open your computer's proxy settings
→ Configure SOCKS proxy
Command Line Tools
cURL
# Use SOCKS5 proxy
curl --socks5 localhost:1080 https://ifconfig.me
# With SOCKS5 hostname resolution
curl --socks5-hostname localhost:1080 https://example.com
# Check your IP
curl --socks5 localhost:1080 https://api.ipify.org
wget
# Add to ~/.wgetrc
use_proxy = yes
https_proxy = socks5://localhost:1080
http_proxy = socks5://localhost:1080
# Or command line
wget -e use_proxy=yes \
-e https_proxy=socks5://localhost:1080 \
https://example.com
git
# Set proxy for git
git config --global http.proxy socks5://localhost:1080
git config --global https.proxy socks5://localhost:1080
# Clone through proxy
git clone https://github.com/user/repo.git
# Unset proxy
git config --global --unset http.proxy
git config --global --unset https.proxy
SSH
# Through SOCKS proxy
ssh -o ProxyCommand='nc -x localhost:1080 %h %p' user@host
# Or in ~/.ssh/config
Host *.example.com
ProxyCommand nc -x localhost:1080 %h %p
Programming Languages
Python (requests)
import requests
proxies = {
'http': 'socks5://localhost:1080',
'https': 'socks5://localhost:1080'
}
response = requests.get('https://httpbin.org/ip', proxies=proxies)
print(response.json())
Node.js
const SocksProxyAgent = require('socks-proxy-agent');
const fetch = require('node-fetch');
const proxy = 'socks5://localhost:1080';
const agent = new SocksProxyAgent(proxy);
fetch('https://httpbin.org/ip', { agent })
.then(res => res.json())
.then(json => console.log(json));
Java
System.setProperty("socksProxyHost", "localhost");
System.setProperty("socksProxyPort", "1080");
System.setProperty("socksProxyVersion", "5");
// Make HTTP requests
URL url = new URL("https://httpbin.org/ip");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
Mobile Devices
iOS (iPhone/iPad)
1. Settings → WiFi
2. Tap (i) next to your network
3. Scroll to "HTTP Proxy"
4. Select "Manual"
5. Server: YOUR_COMPUTER_IP
6. Port: 1080
7. Save
Note: Requires bind address 0.0.0.0 (see security warning!)
Android
1. Settings → Network & Internet → WiFi
2. Long press your network
3. Modify Network → Advanced
4. Proxy → Manual
5. Hostname: YOUR_COMPUTER_IP
6. Port: 1080
7. Save
Real-World Examples
Example 1: Secure Public WiFi
Scenario: Working at coffee shop with public WiFi
Setup:
Name: Secure Public WiFi Proxy
Type: Dynamic
Local Port: 1080
Bind Address: 127.0.0.1
Server: Your VPS in cloud
Usage:
- Start tunnel in Xermius
- Configure browser to use SOCKS5 proxy
- Browse securely
- All traffic encrypted through SSH
Benefits:
- WiFi owner can't see your traffic
- Encrypted end-to-end
- Hide browsing from network snoopers
- Protect passwords and sensitive data
Example 2: Access Geo-Restricted Content
Scenario: Access content blocked in your region
Setup:
Name: Location Proxy - US
Type: Dynamic
Local Port: 1080
Server: US-based VPS
Usage:
1. Start tunnel to US server
2. Configure browser
3. Access US-only content
4. Appear as US visitor
Use Cases:
- Streaming services
- News websites
- Research access
- Price comparison
Example 3: Bypass Network Restrictions
Scenario: Corporate network blocks certain sites
Setup:
Name: Bypass Corporate Firewall
Type: Dynamic
Local Port: 1080
Server: Personal VPS outside network
Usage:
- Access blocked websites
- Use restricted services
- Full internet access
Note: Check company policy first!
Example 4: Development Testing
Scenario: Test website from different locations
Setup Multiple Tunnels:
Tunnel 1:
Name: Test from US
Port: 1080
Server: US VPS
Tunnel 2:
Name: Test from EU
Port: 1081
Server: EU VPS
Tunnel 3:
Name: Test from Asia
Port: 1082
Server: Asia VPS
Testing:
# Test from US
curl --socks5 localhost:1080 https://yoursite.com
# Test from EU
curl --socks5 localhost:1081 https://yoursite.com
# Test from Asia
curl --socks5 localhost:1082 https://yoursite.com
Example 5: Secure Remote Work
Scenario: Access company resources securely
Setup:
Name: Company VPN Alternative
Type: Dynamic
Local Port: 1080
Server: Company SSH server
Access:
- Internal websites
- Company services
- Development environments
- As if in office
Example 6: Privacy Browsing
Scenario: Browse without revealing IP
Setup:
Name: Anonymous Browsing
Type: Dynamic
Local Port: 1080
Server: Privacy-focused VPS
Privacy Measures:
- Use SOCKS5 proxy
- Enable DNS through proxy
- Disable WebRTC in browser
- Use privacy-focused browser
- Clear cookies regularly
Example 7: Multi-Account Testing
Scenario: Test with multiple IP addresses
Setup:
Profile 1: Direct connection
Profile 2: Proxy through Server A
Profile 3: Proxy through Server B
Use Cases:
- Test rate limiting
- Verify IP bans
- Multi-account management
- Load testing
Example 8: Travel Security
Scenario: Traveling abroad, untrusted networks
Setup Before Travel:
Name: Travel Proxy - Home
Type: Dynamic
Local Port: 1080
Server: Home VPS or cloud server
While Traveling:
- All hotel WiFi through proxy
- Airport networks secured
- Public computers safer
- Home country IP maintained
Advanced Usage
Browser Profiles with Different Proxies
Setup:
Chrome Profile 1: No proxy (Direct)
Chrome Profile 2: US Proxy (1080)
Chrome Profile 3: EU Proxy (1081)
Chrome Profile 4: Asia Proxy (1082)
Switch between locations instantly!
Proxy Switcher Extensions
SwitchyOmega (Chrome/Firefox):
Profiles:
- Direct: No proxy
- Secure: SOCKS5 localhost:1080
- Development: SOCKS5 localhost:1081
- Testing: SOCKS5 localhost:1082
Switch with one click!
Selective Proxying
Route specific domains through proxy:
Firefox:
// In about:config
network.proxy.socks_remote_dns = true
// Or use FoxyProxy extension
Chrome with SwitchyOmega:
Auto Switch Rules:
*.google.com → Use Proxy
*.internal.company.com → Direct
* → Direct (default)
System-Wide Proxy (Advanced)
macOS:
# Set system proxy
networksetup -setsocksfirewallproxy "Wi-Fi" localhost 1080
# Remove proxy
networksetup -setsocksfirewallproxystate "Wi-Fi" off
Linux:
# Environment variables
export ALL_PROXY=socks5://localhost:1080
# Or in /etc/environment
ALL_PROXY=socks5://localhost:1080
Windows:
# Through settings or
# Internet Options → Connections → LAN Settings
Chain Multiple Proxies
Scenario: Route through multiple servers
Your Computer
→ SOCKS Proxy 1 (Server A)
→ SOCKS Proxy 2 (Server B)
→ Internet
Setup requires proxychains or similar tools
Troubleshooting
Proxy Connection Failed
Error: "Unable to connect to proxy server"
Causes:
- Tunnel not running
- Wrong port number
- Bind address incorrect
- Firewall blocking
Solutions:
Check tunnel status:
Xermius Port Forwarding panel
Status: ● Active (green)
Test proxy locally:
curl --socks5 localhost:1080 https://ifconfig.me
# Should return remote server IP
Check port is listening:
# macOS/Linux
lsof -i :1080
# Windows
netstat -ano | findstr :1080
DNS Leaks
Issue: Real IP revealed through DNS queries
Causes:
- DNS not routed through proxy
- Browser bypassing proxy for DNS
- WebRTC leaking IP
Solutions:
Firefox:
network.proxy.socks_remote_dns = true
Chrome:
Use SwitchyOmega with "Proxy DNS when using SOCKS5"
Test for leaks:
https://dnsleaktest.com
https://ipleak.net
Disable WebRTC:
Chrome: Install "WebRTC Leak Prevent"
Firefox: media.peerconnection.enabled = false
Slow Performance
Issue: Browsing is very slow
Causes:
- High latency to server
- Server bandwidth limited
- Too many connections
- Server overloaded
Solutions:
Check latency:
ping server-ip
# Should be < 100ms for good experience
Test server speed:
# Through proxy
curl --socks5 localhost:1080 -o /dev/null \
https://speed.cloudflare.com/__down?bytes=100000000
Use closer server:
Choose server geographically closer
Lower latency = better performance
Enable compression:
Xermius Settings → Connection
[✓] Enable compression
Proxy Not Working for Some Sites
Issue: Some sites don't work through proxy
Causes:
- Site blocking proxy/VPN IPs
- Cloudflare challenge
- Rate limiting
- Protocol issues
Solutions:
Try different server:
Some IPs are blocked
Residential IPs work better
Rotate servers
Clear cookies:
Sites may detect proxy switching
Clear browser data
Use incognito/private mode
Check proxy logs:
Xermius tunnel statistics
Look for errors
Application Won't Use Proxy
Issue: App ignores proxy settings
Causes:
- App doesn't support SOCKS5
- Wrong configuration
- App has own proxy settings
- System proxy not working
Solutions:
Check app documentation:
Does app support SOCKS5?
Some apps only support HTTP proxy
Use proxifier (Windows/macOS):
Forces apps to use proxy
System-wide solution
Try HTTP proxy wrapper:
privoxy (converts SOCKS5 to HTTP proxy)
Security & Privacy
What SOCKS5 Proxy Hides
Hidden:
- ✅ Your real IP address
- ✅ Your browsing traffic (from local network)
- ✅ Destination websites (from local network)
Not Hidden from Remote Server:
- ⚠️ Your traffic passes through server
- ⚠️ Server can see destinations
- ⚠️ Server can see unencrypted traffic
What It Doesn't Hide
Still Visible:
- Your identity (if logged in)
- Browser fingerprint
- Cookies and tracking
- HTTPS shows destination domain
Not a complete anonymity solution!
Best Practices
1. Use Trusted Servers
✓ Your own VPS
✓ Trusted provider
✗ Unknown/free proxies
✗ Shared servers
2. Enable DNS Through Proxy
Always configure:
Firefox: network.proxy.socks_remote_dns = true
Chrome: SwitchyOmega with "Proxy DNS"
3. Disable WebRTC
Prevents IP leaks
Essential for privacy
Install browser extension
4. Use HTTPS
HTTPS + SOCKS5 = Double encryption
SSH tunnel + TLS
Even server can't see content
5. Clear Cookies
Before switching proxies
Prevents tracking
Use private/incognito mode
6. Monitor for Leaks
Regular checks:
- https://dnsleaktest.com
- https://ipleak.net
- https://browserleaks.com
7. Bind to Localhost
✓ Bind: 127.0.0.1
✗ Bind: 0.0.0.0
Prevents others using your proxy
Performance Tips
1. Choose Nearby Server
Lower latency = Better performance
< 50ms: Excellent
50-100ms: Good
> 100ms: Noticeable lag
2. Server Bandwidth
Ensure adequate bandwidth:
- 100 Mbps for casual use
- 1 Gbps for heavy use
- Consider costs
3. Optimize Browser
- Close unused tabs
- Disable auto-play videos
- Use ad blocker (reduces bandwidth)
- Clear cache regularly
4. Compression
Enable in Xermius settings
Reduces bandwidth
Increases CPU usage
Trade-off depends on connection
5. Limit Connections
Some apps create many connections
Limit concurrent connections
Can improve overall speed
Legal & Ethical Considerations
⚠️ Important Notes
Legal:
- Bypassing geo-restrictions may violate ToS
- Corporate network policies must be followed
- Some countries restrict VPN/proxy usage
- Copyright laws still apply
Ethical:
- Don't use for illegal activities
- Respect service terms
- Don't abuse server resources
- Consider impact on server
Responsibility:
- You're responsible for your traffic
- Server owner may be liable
- Use responsibly and ethically
Alternatives Comparison
SOCKS5 vs VPN
SOCKS5 Proxy:
✓ Faster (less overhead)
✓ Easy to set up
✓ Per-application
✓ No driver installation
✗ App support required
✗ No traffic encryption (except SSH tunnel)
VPN:
✓ System-wide (all traffic)
✓ No app configuration needed
✓ Better for non-technical users
✗ Slower (more overhead)
✗ Requires installation
✗ May block all traffic if drops
SOCKS5 vs Tor
SOCKS5:
✓ Faster
✓ Full bandwidth
✓ Your choice of server
✗ Single hop (less anonymous)
✗ Server knows your IP
Tor:
✓ Multiple hops
✓ Better anonymity
✓ No single point of trust
✗ Much slower
✗ Limited bandwidth