On 2007-10-07, Per Hedeland wrote:
> No, there is no need to forward privileged ports in this case, the
> standard SOCKS port is 1080 and it's generally configurable in the
> browser anyway. The drawback is that if the clients do not have *any*
> Internet connectivity, both browser and ssh must do SOCKS v5, which can
> do DNS lookups via SOCKS (or at least avoid doing them outside SOCKS) -
> and the browser has to use this functionality. OpenSSH has had SOCKSv5
> for quite a while, and my semi-old Firefox has a selection button for it
> - but I wouldn't bet that it actually uses the DNS functionality. You'll
> find out soon enough if you try it...

Firefox has a button for the remote DNS lookups but it's off by default.
Go to the about:config page and look for "network.proxy.socks_remote_dns".

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.