Changes in 57177a2: Updated tethering.md

				tethering.md
			
          @@ -19,18 +19,22 @@ iOS mobiles ain't gonna work for this - Apple decided a long time ago that long-

           Nothing in particular on the phone or the SSH host - just set up a SOCKS port-forward in JuiceSSH, point it at your SSH machine and you're laughing. The SOCKS proxy will be listening on whatever port you specify (8080 is traditional), and will be reachable from wifi-tethered devices. The sshd defaults on Fedora, Debian, Ubuntu et al are fine.

           The setup on the tethered laptop's a bit more particular though...

           # Laptop

          +Two options on OSX to stop stuff talking directly to the internet and racking up your tethering bill:

          +## Trip Mode 2

          +[Trip Mode 2](https://www.tripmode.ch/) works as a selective app firewall - it'll deny network access to apps until you give them access through a menubar icon.

          +Lovely stuff. Costs a few quid though.

          +## Manual network setup

           To avoid sending any data through the phone that isn't going through the proxy, you'll need to hobble the network a bit. This is on OSX, but similar should work elsewhere too.

          -## Get IP adresses

          +### Get IP adresses

           Connect to the phone wifi sharing, and run 'ifconfig' and 'netstat -rn' to get your IP and default route. The wifi sharing network range seems to be completely stable on android, so we can just set a static IP below, and the phone (the router) is always on the .1 address.

           Now disconnect.

          -

          -## Create a new Location

          +### Create a new Location

           Create a new Location in System Preferences -> Network -> Location -> Edit Locations

           Switch off DHCP, and set IPv6 to link-local only.

           Set the IP to whatever you got when you connected normally; subnet mask to 255.255.255.0; and most importantly, **leave the default route blank**. Leave DNS blank as well - we don't need it.

           # Browse

          -Chrome, Safari, et al use the system proxies, and that doesn't work - DNS has nowhere to go, so the whole thing breaks.

          -Firefox will happily use the SOCKS proxy for DNS, so that's what we're going to use.

          +Chrome, Safari, et al use the system proxies, and that doesn't work - DNS has nowhere to go with the manual network setup, so the whole thing breaks, and leaking DNS queries is probably not a good idea if you're using Trip Mode.

          +Firefox will happily use the SOCKS proxy for DNS, though, so that's what we're going to use.

           In Firefox -> Preferences -> Network set the SOCKS proxy to the default route IP you got above, port 8080, SOCKS v5, and select 'Proxy DNS when using SOCKS v5'.

           # SSH

           You can SSH through your tether proxy with:

...	...	@@ -19,18 +19,22 @@ iOS mobiles ain't gonna work for this - Apple decided a long time ago that long-
19	19	Nothing in particular on the phone or the SSH host - just set up a SOCKS port-forward in JuiceSSH, point it at your SSH machine and you're laughing. The SOCKS proxy will be listening on whatever port you specify (8080 is traditional), and will be reachable from wifi-tethered devices. The sshd defaults on Fedora, Debian, Ubuntu et al are fine.
20	20	The setup on the tethered laptop's a bit more particular though...
21	21	# Laptop
	22	+Two options on OSX to stop stuff talking directly to the internet and racking up your tethering bill:
	23	+## Trip Mode 2
	24	+[Trip Mode 2](https://www.tripmode.ch/) works as a selective app firewall - it'll deny network access to apps until you give them access through a menubar icon.
	25	+Lovely stuff. Costs a few quid though.
	26	+## Manual network setup
22	27	To avoid sending any data through the phone that isn't going through the proxy, you'll need to hobble the network a bit. This is on OSX, but similar should work elsewhere too.
23		-## Get IP adresses
	28	+### Get IP adresses
24	29	Connect to the phone wifi sharing, and run 'ifconfig' and 'netstat -rn' to get your IP and default route. The wifi sharing network range seems to be completely stable on android, so we can just set a static IP below, and the phone (the router) is always on the .1 address.
25	30	Now disconnect.
26		-
27		-## Create a new Location
	31	+### Create a new Location
28	32	Create a new Location in System Preferences -> Network -> Location -> Edit Locations
29	33	Switch off DHCP, and set IPv6 to link-local only.
30	34	Set the IP to whatever you got when you connected normally; subnet mask to 255.255.255.0; and most importantly, leave the default route blank. Leave DNS blank as well - we don't need it.
31	35	# Browse
32		-Chrome, Safari, et al use the system proxies, and that doesn't work - DNS has nowhere to go, so the whole thing breaks.
33		-Firefox will happily use the SOCKS proxy for DNS, so that's what we're going to use.
	36	+Chrome, Safari, et al use the system proxies, and that doesn't work - DNS has nowhere to go with the manual network setup, so the whole thing breaks, and leaking DNS queries is probably not a good idea if you're using Trip Mode.
	37	+Firefox will happily use the SOCKS proxy for DNS, though, so that's what we're going to use.
34	38	In Firefox -> Preferences -> Network set the SOCKS proxy to the default route IP you got above, port 8080, SOCKS v5, and select 'Proxy DNS when using SOCKS v5'.
35	39	# SSH
36	40	You can SSH through your tether proxy with: