There will come a time where you are at an office or public place that blocks access to certain websites or ports. For example, at my current place of employment, they use a Websense caching proxy to block access to all sorts of sites, mainly webmail. This posed a problem on my first day because I needed some documents sent to me by my consulting firm. But a few minutes later, it wasn’t a problem. This article will show you how to set up a proxy of your own using ssh to get past any firewall out there.

Prerequisites:
1) The Firefox web browser
2) Putty SSH Client (free from http://www.chiark.greenend.org.uk/~sgtatham/putty/)
3) An Open SSH server outside the corporate local area network
4) A connection to the internet

Assumptions:
1) Your company or public hot spot allows outgoing TCP connections on port 22 (likely).

I’m going to assume that you are running an ssh server at home or have access to one with a web hosting account. If not, they are easy to find and obtain or you can e-mail me and I might be able to hook you up.

1. Create a new PuTTY session
Run PuTTY and create a new session in PuTTY to connect to the remote host that is running OpenSSH. Fill in the hostname, the port (usually 22), make sure SSH is checked, give it a session name and hit Save:

2. Configure a secure tunnel
Click on “Tunnels� on the left and set up dynamic fowarding for a local port (e.g. 8080). Under “Add new forwarded port� type in 8080 for the source port, leave the destination blank, and check Auto and Dynamic. Then it the Add button. If you did it correctly, you’ll see D8080 listed in the Forwarded Ports box:

That’s it for tunnels, as there is no need to create more than one. Remember to save your session profile in PuTTY so you don’t have to set up the tunnel next time.

3. Connect to the remote SSH server
Double click on the connection profile and type in your username and password when prompted.

4. Configure Firefox
Go to Tools, Options, General, and then click on Connection Settings. Check Manual Proxy Configuration, leave most of the fields blank, but fill in 127.0.0.1 for the SOCKS v5 host with a port of 8080 (or whatever portyou used in Step 2):

6. There is one little problem with this. Although your communications are completely secure from your machine to the ssh host on the internet, your company or proxy operator will still be able to see the domain names you are visiting. This is because TCP/IP can be forwarded but UDP (what DNS runs on top of) cannot. So DNS lookups will be visible by your network administrator. That may not be a problem but you should be aware of this. But if are running the current version of Firefox and would like to protect that information, you can open the about:config page, and change network.proxy.socks_remote_dns to true.

7. Enjoy! Though your communications are completely secure, please use responsibly. Don’t look at stuff you know you shouldn’t be looking at while on the job. I mainly use it to secure my connections to my bank (yes, your company can easily find out your bank passwords and information) and webmail but sparingly.

To prove that the your proxy is working, use ipchicken.com before and after:

Before:

And after with my new ssh tunnel:

Pretty cool huh? Traffic is totally encrypted end to end! This can also be accomplished with Linux and Mac OS X but I’m guessing that most of you are using Windows. This technique can also be used to secure your connection at a public wi-fi Hotspot like T-Mobile/Starbucks or hotels.