Macos – DNS over SSH Tunnel


I want to setup my OSX system such that all network traffic is done through an SSH tunnel.

I've written a small script for this purpose, and these are the commands executed by it:

// setup tunnel
ssh -fN -D 1080 -p 22 user@remote

// start up redsocks
sudo redsocks -c /tmp/redsocks.conf -p /tmp/

// forward all tcp traffic to tunnel
sudo ipfw add 0010 fwd,12345 tcp from me to any not dst-port 12345 not dst-port 1080 not dst-ip REMOTE_IP

I use redsocks to create an http proxy to my ssh-tunnel (so that i can forward all tcp traffic to it via ipfw), redsocks.conf looks like this:

base {
    log_debug = on;
    log_info = on;
    log = "file:/tmp/redsocks.log";
    redirector = generic;
redsocks {
    local_ip =;
    local_port = 55660;
    ip =;
    port = 1080;
    type = socks4;

Everything seems to work so far, all TCP traffic on my OSX system is done through the ssh tunnel, but the problem is with UDP traffic and because of that DNS queries are not working.

How can I get DNS on my local machine to work through the SSH tunnel?

Best Answer

Your ipfw … line only forwards TCP traffic. Maybe add the following line?

sudo ipfw add 0011 fwd,12345 \
                   udp from me \
                   to any not dst-port 12345 \
                          not dst-port 1080 \
                          not dst-ip REMOTE_IP

It's also a good idea to add set -x (for debugging) and set -e (to fail immediately if any of the commands fail).

  • One should generally use the term 'SSH tunneling' to refer to tun/tap with SSH.
  • Port-forwarding is a specific form of tunneling, but it should be still only be referred to as 'port forwarding' in this context.
  • Do not use SSH tunneling (as in -oTunnel and -oTunnelDevice) except for quick ad-hoc jobs.
  • DNS can use TCP as a transport. It is not restricted to UDP, though that is the preferred transport.
Related Question