Using ChatZilla through an SSH tunnnel

1. Introduction

This document describes how to make ChatZilla use an SSH tunnel as a SOCKS proxy. This can be useful if the standard IRC ports are blocked on your network, if you need some privacy, or are just generally nuts enough to want your IRC connection to run through some other server on the other end of the globe :-). Note that you should not use this method for anything illegal, and should be aware of regulations about use of tunnels and IRC put in place by your ISP and/or your network administrator.

2. Assumptions

This document assumes:

3. Setting up the tunnel

First we set up the SSH tunnel. If you've already set up the tunnel, you can skip this step. Otherwise, this means you need your SSH executable just about now. If you don't have one, you can download the most recent version of OpenSSH for *nix machines, and you can use PuTTY on Windows.

The following examples use 4567 as the local port, 'user' for username, and 'host.org' for the host you would like to SSH tunnel to. Of course, you can pick anything you like (but keep in mind you need root privileges on *nix systems to use ports below 1024)

Windows

The easiest way to do this, in my opinion, is using 'plink', found from the PuTTY download page, mentioned above. You may also be able to use the normal putty executable here, but I haven't tested this. Now all you need to do is open a shell (Pick "Run" from the Start menu, enter "cmd" (without quotes) and hit Enter/return) and run:

plink -ssh -D 4567 -N user@host.org
This will use ssh to create a dynamic tunnel on port 4567 on the local machine to host.org, using username 'user' to login. The -N option will prevent plink from allocating a terminal. This is mostly because you'll only use the connection for the port forwarding, so there is no point in creating a terminal.

*nix

This is probably even easier than it is on Windows. In your favourite shell, run:

ssh -fND 4567 user@host.org
This will create a dynamic tunnel on port 4567 on the local machine to host.org, using username 'user' to login. The -N option will prevent ssh from allocating a terminal, while the -f option will background the ssh process after authentication, which means you can still use your terminal afterwards.

4. Setting up ChatZilla to use the tunnel

Now we need to set up ChatZilla to connect through the tunnel you've created. How to do this depends on what you run ChatZilla on.

Important: if you use ChatZilla in Flock, Firefox, the Mozilla Suite or SeaMonkey, these proxy settings will also be used for all your normal browsing. If you do not like this, you could use a PAC file instead. This approach is not documented here, but Google has some info.

Firefox or Flock

Open the "Options" ("Preferences" on *nix) dialog, and switch to the "Advanced" section. Open the "Network" tab, and click the "Settings" button. Now select "Manual proxy configuration", and enter "127.0.0.1" in the SOCKS host field, and "4567" in the Port field (assuming you use the same port we mentioned earlier). Select "SOCKS v5", and close the dialog with the OK button. Close the Options/Preferences dialog the same way.

SeaMonkey or the Mozilla Suite

Open the "Preferences" dialog, open the "Advanced" tree and then the "Proxies" view. Then, select "Manual proxy configuration", and click the "Advanced" button. Then use "127.0.0.1" for the SOCKS Proxy field, and 4567 for the accompanying port. Select SOCKS v5 if it isn't already. Then use all the OK buttons to close the whole bunch of dialogs.

XULRunner (standalone)

For this, you need access to about:config, or you need to manually hack your profile's prefs.js file. I recommend you use tH's package, which provides access to about:config from the ChatZilla menu.

Make sure the following preferences are set as described, and change them if necessary:

If these preferences are set this way, you should be done.

5. Test your modifications

If you modified the preferences of the webbrowser you use to run ChatZilla from, you can test this by accessing a web page in your browser. If this still works, even after a refresh, the proxy-ing is most likely working. Otherwise, just connecting to your favourite IRC network should now be possible from within ChatZilla, just like you otherwise would. If you have any problems, and the proxy works for webbrowsing, you could try stopping by the ChatZilla support channel.

If you spot any silly mistakes or have additions to this page, please feel free to mail me at gijskruitbosch (at) gmail [dot] com.