Skip to content

SOCKS Proxy Tutorial

Aim: Using SOCKS proxy (v5) to originate from Nikhef IP space


Some Nikhef and NWO web services are available only from within the Nikhef network. This short tutorial explains how to access these services when you are not at Nikhef. The method we use for this is

  • Log in using SSH on the Nikhef login servers or, using a special configuration option
  • Configure your web browser (Firefox) to use a so-called SOCKS server


  • Open a terminal windows
  • Use ssh to login to Nikhef:

ssh -D 1080  <user>
where <user> is your Nikhef user name.

There are many SSH clients for Windows, but in this tutorial we use PuTTY to connect to the Nikhef Login server. PuTTY is free and runs on all versions of Windows.

The latest version of PuTTY can usually be found at

  • Create a new login profile:
    • Host name: (or
    • Port: 22
  • Now go to the menu on the left-hand side, expand the option 'Connection' and then expand the option 'SSH' and click on 'Tunnels'. Fill in 1080 as the source port and click on the radio buttons Dynamic and Auto, then click Add:
  • You should now see a port D1080 in the list of forwarded ports:
  • In the menu, scroll back up to Session, choose a name for the profile (e.g. 'Nikhef') and click Save:
  • Now click on Open to start your login session.

Configure your web browser

You can configure most web browsers to connect using a SOCKS proxy. However, browsers like Safari and Google Chrome rely on the system settings to determine whether to use a SOCKS proxy or not. The downside of configuring a system-settings SOCKS proxy is that subsequently all HTTP and HTTPS network traffic will use this SOCKS proxy. Firefox has its own SOCKS proxy setting configuration and is thus handier to use.

  • Start Firefox
  • Click on Tools->Preferences
  • Click on the Advanced tab
  • Click on the Network tab
  • Click on the Settings... button behind 'Configure how Firefox connects to the Internet'
  • Select Manual proxy configuration
  • Fill in as the SOCKS Host: and Port: 1080
  • Choose a SOCKS v5 proxy
  • Enable Remote DNS or Proxy DNS when using SOCKS v5 The configuration screen should look similar to this: (Firefox 52 on Linux)
  • Click on OK to save the settings.

Test your connection

Go to a website such as to check the IP address that your browser is using. If the SOCKS server is configured correctly, you should see something similar to

Your IP Address Is: 2001:610:120:1001::185:143

Your IP Address Is:
If you see an address that is not starting with 2001:610 or 192.16 then the SOCKS server is not configured correctly.

Otherwise, that's it! You can now access most Nikhef web services as if you were inside the Nikhef network. For example, you should now be able to access the NWO-I Lab Servant portal at