diff --git a/README.md b/README.md index fb22374..b793359 100644 --- a/README.md +++ b/README.md @@ -699,6 +699,10 @@ ssh-copy-id CONTAINER_IP #### Accessing dev sites running inside container +On host, create new FF profile for that purpose only. In its `about:config`, enable `network.proxy.allow_hijacking_localhost` (so that requests to localhost are proxied too). + +##### With squid (HTTP/HTTPS only, ran as a service) + In container: `doas apk add squid`, and edit `/etc/squid/squid/conf` accordingly (most likely you'll only need to change local network definition to match the subnet shared between the host and the container). 
@@ -710,7 +714,22 @@ doas rc-service squid start (Note that squid requires devfs service to be running). -In host, create new FF profile (`about:profiles`) for that purpose, and configure it to use squid proxy running inside of container. +Configure FF profile to use squid proxy running inside of container. + +It is not clear how to get websockets working with squid, information on the web is very sparse. + +##### With SSH tunnel (supports websockets) + +Alternatively, without any need to squid: + +* Configure container for tunnelling support (no idea why it is required for tunnelling to work: https://web.archive.org/web/20210125210954/https://blog.felixbrucker.com/2015/10/01/how-to-enable-tuntap-inside-lxc/): + * On LXC: add `lxc.cgroup.devices.allow = c 10:200 rwm` to your `~/.config/lxc/CONTAINERNAME.conf` file; + * On LXD: `doas lxc config set CONTAINERNAME raw.lxc="lxc.cgroup.devices.allow = c 10:200 rwm"`; + * (of course, restart the container after that); +* Enable `AllowTcpForwarding` and `PermitTunnel` in `/etc/ssh/sshd_config` (and of course restart `sshd`); +* On host, `ssh CONTAINER_IP -ND TUNNEL_PORT` (TUNNEL_PORT can be anything above 1024 to avoid requiring root privileges); +* On host, in target FF profile, configure proxy to use SOCKS v5 proxy on CONTAINER_IP:CONTAINER_PORT (leave HTTP / HTTPS proxy empty), and check "Proxy DNS when using Socks v5" checkbox. +* Note that it will only work as long as ssh tunnelling command on host is running. So you'll need to run it again after reboot etc. Or wrap it in a service for OpenRC. #### VS Code Remote
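Review bot: In the first hunk (`@@ -699,6 +699,10 @@`), the added sentence about `network.proxy.allow_hijacking_localhost` should say why the profile must be dedicated. With that preference enabled, every request the profile makes to localhost goes to the proxy inside the container, so host-local services are no longer reachable from it and that traffic is visible to the container. The second hunk removes the `about:profiles` hint, so consider keeping it here and spelling out "FF" as Firefox. The new heading reads better as "run as a service", and the context line's `/etc/squid/squid/conf` looks like a typo for `/etc/squid/squid.conf`.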
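Review bot: In the second hunk (`@@ -710,7 +714,22 @@`), the Firefox step points the SOCKS v5 proxy at `CONTAINER_IP:CONTAINER_PORT`, but `ssh CONTAINER_IP -ND TUNNEL_PORT` opens the SOCKS listener on the host's loopback at TUNNEL_PORT, and CONTAINER_PORT is not defined anywhere. The step should read `127.0.0.1:TUNNEL_PORT` (or `localhost:TUNNEL_PORT`). Also worth verifying before merge: `-D` is dynamic port forwarding, which is governed by `AllowTcpForwarding`, while `PermitTunnel` and the `c 10:200` device allowance (the linked article is about tun/tap) concern tun device forwarding as used by `ssh -w`. They may be unnecessary for this setup, and leaving them off keeps the container and sshd configuration tighter. Minor wording: "without any need to squid" should be "without any need for squid".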