Monday, July 21, 2008

Bypass web proxy with SSH tunneling

At the company where I work, the network is protected by a firewall and web proxy. We can access the web via the proxy, except for those sites that are considered to be "unproductive". Most discussion forums, which are valuable when searching for technical issues, are unfortunately blocked.

Here is how to set up an SSH tunnel to bypass the firewall. Basically, you create an SSH connection to a server (e.g. your home PC) outside the company firewall via the company proxy. At the same time, you configure the SSH connection to forward a port from your workstation at work to a free proxy server on the Internet (better yet, point it to a proxy server at home).

First, make sure that the SSH daemon on the server has the TCP forwarding option enabled. For OpenSSH, it is the AllowTcpForwarding option.

On the workstation at work, use PuTTY to connect to the SSH server.




Under the Proxy option, set PuTTY to use the company proxy to pass through the firewall.



Then the tricky part. Set up a port forwarding rule to forward a port on the workstation to another machine and port on the Internet. This example forwards port 8080 on the workstation to port 8888 on host proxy.pcathome.com.



Click on the Add button to add the rule.



Click Open to connect to the server. Log in as usual.

Then change the proxy setting of the browser on the workstation to point to localhost and port 8080. From now on, web browsing will go through the proxy outside the company (in the above example, proxy.mypcathome.com) and all restrictions are gone!

Notes:

  1. Since the connection goes via an HTTP proxy, it will time out when there is no data going through. Either run a command that never exits on the terminal (e.g. top) or let PuTTY send null packets periodically (under the Connection option).
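
Seen from the proxy administrator's side, a tunnel like this shows up in the proxy log as an HTTP CONNECT session that stays open far longer than a normal HTTPS request, often to a port other than 443. The following is an added example, not part of the original post: a small log check that flags such sessions. It assumes Squid's native access.log layout, and the log lines, host names and thresholds are constructed for illustration.

```python
from dataclasses import dataclass

ALLOWED_CONNECT_PORTS = {443}      # assumption: policy only permits HTTPS via CONNECT
LONG_SESSION_MS = 30 * 60 * 1000   # assumption: 30 minutes is abnormal for one CONNECT

# Constructed sample lines in Squid's native access.log layout:
# time elapsed_ms client code/status bytes method url user hierarchy type
SAMPLE_LOG = """\
1216620000.101 842 10.1.4.23 TCP_TUNNEL/200 5321 CONNECT www.example.com:443 - HIER_DIRECT/203.0.113.10 -
1216620050.440 14400512 10.1.4.57 TCP_TUNNEL/200 9812345 CONNECT host.example.net:22 - HIER_DIRECT/198.51.100.7 -
1216620090.007 120 10.1.4.23 TCP_MISS/200 1830 GET http://www.example.org/ - HIER_DIRECT/203.0.113.20 text/html
1216620100.900 7200300 10.1.4.88 TCP_TUNNEL/200 40210 CONNECT home.example.net:443 - HIER_DIRECT/198.51.100.9 -
1216620200.000 15 10.1.4.60 TCP_DENIED/403 0 CONNECT other.example.net:8888 - HIER_NONE/- -
"""

@dataclass
class Finding:
    client: str
    dest: str
    reasons: list
    established: bool   # True if the proxy answered 200 and opened the tunnel

def parse_connect(line):
    """Return (client, host, port, elapsed_ms, status) for CONNECT lines, else None."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT" or not f[1].isdigit():
        return None
    host, sep, port = f[6].rpartition(":")
    if not sep or not port.isdigit():
        return None
    return f[2], host, int(port), int(f[1]), f[3].partition("/")[2]

def find_tunnels(log_text):
    findings = []
    for line in log_text.splitlines():
        rec = parse_connect(line)
        if rec is None:
            continue
        client, host, port, elapsed_ms, status = rec
        reasons = []
        if port not in ALLOWED_CONNECT_PORTS:
            reasons.append(f"port {port} not allowed for CONNECT")
        if elapsed_ms >= LONG_SESSION_MS:
            reasons.append(f"session lasted {elapsed_ms // 60000} min")
        if reasons:
            findings.append(Finding(client, f"{host}:{port}", reasons, status == "200"))
    return findings

if __name__ == "__main__":
    print(*find_tunnels(SAMPLE_LOG), sep="\n")
```

Squid writes the log entry when the session ends, so a tunnel that is still open only appears once it closes.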
