Tunneling and Port Forwarding in Android

I believe several countries has quite strict policy on their internet access. Well, with a little trick, we can make a hole and goes straight through it. I have try to do this using Blackberry but I could not found nice free ssh client. But with Android, it is pretty easy. So let’s get started.

What you need is:

  1. Your Android phone (I use my HTC Legend with Android 2.2)
  2. Install ConnectBot from your Android Market
  3. Unix server in the internet with Squid Proxy server (or any other cache server) installed [I am using inet0.net]

Alright, if all the tools are ready, first step is to create SSH Tunnel with Port Forwarding enabled. Basically we build SSH connection to the Unix server with Squid Proxy running and then forward all HTTP traffic from our Android phone via this tunnel. So instead of going through standard HTTP port (8080), our browsing traffic goes via SSH port (22). Below is screen shot on how to do this using ConnectBot.

And then, we have to edit the APN settings, specifically the proxy setting. We have to direct all HTTP traffic into this proxy. In this case we have to direct the traffic to localhost ( port 8080. As we can see from the previous step, the address and port has been binded (port forwarded) into port 8080 in the Unix server. With this setting, the HTTP traffic will go to localhost and then via SSH tunnel goes to Unix server port 8080 which the Squid Proxy running and listening to this port. Here’s the screen capture.

Finally, we can login into the Unix server using SSH:

Then open your browser, try to visit restricted websites. I have try it and made it, but I will not capture my screen on this one 😉 Hope it works on your Android too.



  1. Picto FX · June 14, 2011

    I’m trying to do this but I can’t.
    I have an Incredible S.
    my squid server listen to port 4917, so I set this setting on connectbot on my phone:

    Type: Local
    Source: 4719
    Destination: localhost:9999

    and in WIFI proxy setting on my phone, I set this config:
    Proxy ip: localhost
    port: 9999

    but it’s not work!
    Do you know why?


  2. sigitp · June 15, 2011

    Hi Picto,
    Are you using your WiFi or your 2G/3G networks for connecting to the internet?
    The configuration you gives seems correct. Try to do this using your 2G/3G network. Change the proxy in the APN setting instead of in the WiFi setting.
    I believe it should work, I have never try usign WiFi myself.

    Also, you have to change proxy first before doing SSH.

    Let me know if you made it.

  3. sdas · June 19, 2012

    and in WIFI proxy setting on my phone, I set this config:
    Proxy ip: localhost
    port: 9999

    replace this with
    Type: Local
    Source: 9999
    Destination: localhost:4719

    and in WIFI proxy setting on my phone, I set this config:
    Proxy ip: localhost
    port: 9999

  4. Bob · July 16, 2012

    Will this work on Minecraft??

  5. sigitp · July 28, 2012

    Hi Bob, yes this should work…as long as your proxy server allows Minecraft…

  6. Tyler · August 30, 2012

    i need help with the cache server. i cant seem to add user for inet0.net
    any help is appreciated

  7. sigitp · September 5, 2012

    Hi Tyler, inet0.net actually is a private server, you have to rent your own unix server with squid cache daemon running 🙂

  8. Manuel Ugas · July 16, 2013

    Can I forward UDP traffic thru the SSH tunnel or only TCP traffic?

  9. sigitp · July 16, 2013

    You can forward UDP traffic as well

  10. Robert · March 12, 2014

    I’m trying to get this to work on my Fairphone. Though pages do not load when I activate the proxy.
    Have you rooted your device before doing this? The Fairphone team has claimed that the device is delivered rooted, but I am not sure.
    Also, I don’t have a caching server on my server. Is this vital? Tunneling works all right with computers. The caching server is only for speeding up browsing, is it not?

    Thanks for the tutorial.

  11. sigitp · April 2, 2014


    Sorry just saw your comment here. The proxy caching server indeed is vital, otherwise in my case I don’t need to do tunneling at all 🙂
    You can build your own Linux VPS and install Squid Cache Server into it for your proxy caching server.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s