Bypass draconian firewalls
Sometimes workplaces set up draconian firewalls that block URLs and don't let you get out on ports other than 80 and 443. As a developer, this is a bit restrictive...
In addition to the firewall, some companies don't give users administrative rights and have really restrictive PC security policies that only allow certain executables to run on your machine. If only there were a way to get out of this total lockdown...
Tools
- A PC outside of the work network which is connected to the internet and is running an SSH server daemon (setting this up is outside the scope of this article).
- An SSH client on the PC which requires no installation (and no admin rights). You could also use Cygwin if you wanted, but I think it requires admin privileges.
- Optional: a hostname pointing to the outside PC's IP address. I use DynamicDNS for this.
Setup
- Make sure that the SSH server accepts connections on port 80 or 443 (the only two allowed by the draconian firewall).
- Connect to the outside PC via SSH and enable dynamic port forwarding on a local port.
To establish the SSH connection from the PuTTY GUI:
To set up a dynamic proxy on port 10000, set the source port to 10000, select Dynamic, then click the Add button.
This can also be done from the PuTTY command line:
putty -ssh -D 10000 -P 80 user@outside_server
To establish the SSH connection from the command line with the Cygwin/OpenSSH client, enter:
ssh -D10000 user@outside_server -p80
This will create a local SOCKS proxy on port 10000. Any request made to that port is forwarded to outside_server through the encrypted SSH tunnel.
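Seen from the network side, a tunnel like this still opens with the plaintext SSH identification string (RFC 4253, section 4.2) instead of an HTTP request or a TLS handshake, so a firewall or sensor that inspects the first payload bytes can tell it apart from web traffic on ports 80 and 443. The following is an added example, not part of the original article; the function names and the flow records are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: the client opens with "SSH-protoversion-softwareversion".
SSH_ID = re.compile(rb"^SSH-\d\.\d+-")
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")
WEB_PORTS = {80, 443}

def classify(first_bytes: bytes) -> str:
    """Label a connection by the first bytes the client sent."""
    if SSH_ID.match(first_bytes):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

def ssh_on_web_ports(flows):
    """Return flows to port 80/443 whose client payload is an SSH banner."""
    hits = []
    for flow in flows:
        payload = flow["client_first_bytes"]
        if flow["dst_port"] in WEB_PORTS and classify(payload) == "ssh":
            banner = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
            hits.append((flow["src"], flow["dst"], flow["dst_port"], banner))
    return hits

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    {"src": "10.0.0.21", "dst": "203.0.113.10", "dst_port": 80,
     "client_first_bytes": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"},
    {"src": "10.0.0.21", "dst": "203.0.113.10", "dst_port": 443,
     "client_first_bytes": bytes.fromhex("16030100c8010000c40303")},
    {"src": "10.0.0.37", "dst": "198.51.100.7", "dst_port": 80,
     "client_first_bytes": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"src": "10.0.0.37", "dst": "198.51.100.7", "dst_port": 22,
     "client_first_bytes": b"SSH-2.0-OpenSSH_9.6\r\n"},
]

if __name__ == "__main__":
    for src, dst, port, banner in ssh_on_web_ports(SAMPLE_FLOWS):
        print(f"SSH on web port: {src} -> {dst}:{port} ({banner})")
```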
Usage
To use this nice little tunnel, you need to be able to use a SOCKS proxy. Lots of apps have this built in by default.
For example, in Portable Firefox (or regular Firefox) you can access the proxy settings here: Tools -> Options -> General -> Connection Settings. Then select the radio button for Manual proxy configuration. In SOCKS Host enter: localhost, and in Port enter: 10000.


