Okay, so for whatever reason you want to bypass your company's firewall to browse websites without being limited in what you can see.
Some companies offer “alternative” access and some are super tight (only allowing news, company and a few other selected websites). This will allow you to connect to anything!
If you are hosting services at home, this will also allow you to connect to those internally. It is almost like a VPN connection to your home environment, without setting up complicated VPN servers. Most of the time companies block VPN ports so that isn’t an option in this scenario.
Basically, how this works is that you use port 443 (normally carrying encrypted SSL for HTTPS traffic) to connect over the internet using SSH v2. All traffic is sent over the encrypted SSH v2 tunnel through the internet, through your router, and ends up on your Linux machine. From there it passes back out through your router to the internet... unblocked!
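Seen from the network defender's side, the connection described above is still distinguishable from HTTPS: an SSH endpoint opens with a cleartext identification string (RFC 4253, section 4.2) where a TLS client would send a handshake record. The following check is an added example, not part of the original post; the function names and the sample flows are constructed for illustration.

```python
# Added example: classify the first payload bytes of flows to TCP/443.
SSH_PREFIX = b"SSH-"       # RFC 4253 4.2: cleartext identification string
TLS_HANDSHAKE = 0x16       # TLS record content type "handshake"

def classify_first_bytes(payload: bytes) -> str:
    """Return 'ssh', 'tls' or 'unknown' for the first bytes of a flow."""
    if payload.startswith(SSH_PREFIX):
        return "ssh"
    # TLS record header: type(1) | major(1) == 3 | minor(1) | length(2)
    if len(payload) >= 5 and payload[0] == TLS_HANDSHAKE and payload[1] == 0x03:
        if 0 < int.from_bytes(payload[3:5], "big") <= 16384:
            return "tls"
    return "unknown"

def ssh_ident(payload: bytes):
    """Parse 'SSH-protoversion-softwareversion [comments]'; None if not SSH."""
    if not payload.startswith(SSH_PREFIX):
        return None
    line = payload.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    parts = line.split("-", 2)
    if len(parts) != 3:
        return None
    return {"proto": parts[1], "software": parts[2].split(" ", 1)[0]}

def flag_non_tls_443(flows):
    """Return port-443 flows whose first payload is not a TLS record."""
    findings = []
    for f in flows:
        if f["dport"] != 443:
            continue
        verdict = classify_first_bytes(f["first_bytes"])
        if verdict != "tls":
            findings.append({"src": f["src"], "dst": f["dst"], "verdict": verdict,
                             "ident": ssh_ident(f["first_bytes"])})
    return findings

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.7", "dport": 443,
     "first_bytes": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"},
    {"src": "192.0.2.23", "dst": "203.0.113.50", "dport": 443,
     "first_bytes": b"SSH-2.0-OpenSSH_6.0p1 Debian-4\r\n"},
    {"src": "192.0.2.23", "dst": "203.0.113.50", "dport": 22,
     "first_bytes": b"SSH-2.0-OpenSSH_6.0p1 Debian-4\r\n"},
]

if __name__ == "__main__":
    for finding in flag_non_tls_443(SAMPLE_FLOWS):
        print(finding)
```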
- Router (You will need to be able to log in and forward ports)
- A static IP at home or a dynamically registered DNS record eg. DynDNS (free)
- Linux installed on a computer (This can either be a virtual server running on ESX or if you don’t know ESX you can install VMware 2 or VMware Workstation) – Free
For this example I am going to use ESXi
- Download Linux. Use the distribution you are most familiar with or, if you are not familiar with any, use the one I am using in this example (Debian), and make it available in your virtualisation software (in this case I had to upload it to the VMware store)
- Create a new Linux server, leave all options as default unless you know what you are doing. (This needs to be on the same subnet as your router). I can’t go through the steps as it is very dependent on what Linux flavor and virtualisation software you are using.
- Power on the server, log in, configure network adapter and update all software (This example is Debian, very important to update and keep updated as it will be internet facing!)
- su - root
- Enter password for root
- Add a new user as you cannot connect using “root” for shelling
- # adduser <username>
- vi /etc/network/interfaces (configure network)
- iface eth0 inet static
- address <ip address you want to statically assign>
- netmask <subnet of network>
- gateway <probably your home network's router IP address>
- dns-nameservers <probably your router's IP address> (alternatively you can use Google's 8.8.8.8 address)
- Save and close interfaces configuration file
- ping google.com (test to ensure you can ping the world)
- apt-get update (update sources)
- apt-get upgrade (upgrade packages)
- su - root
- Install SSH server on the Linux server
- apt-get install openssh-server
- Configure SSH to listen on port 443
- vi /etc/ssh/sshd_config
- Change “Port 22” to “Port 443” (If multiple ports are required, add another line and add “Port ##” – ## = port required)
- Save and close out of sshd_config
- shutdown -r now
- If you do not have a static IP address (you probably don’t) then you will need to create a dynamic hostname and install the application on your Linux server to update it. I am going to use DynDNS for this example. Others include easydns, dslreports and zoneedit.
- Go to http://dyn.com/dns/ and register account and hostname
- Sign up for an account
- Create a hostname
- Log out of DynDNS
- Install DynDNS client on Linux – Debian
- apt-get install ddclient
- Select www.dyndns.com as your DNS service provider
- Type in your username from step 8a
- Type in your password from step 8a
- Find public IP using “checkip.dyndns.com?” Select “Yes” and press enter
- Select method for updated names “from list” and select “OK”
- Select the hostname from step 8c
- Test a ping from your workstation to the server (Assuming you are using Windows)
- Start /Run / cmd
- (ping ipaddress)
- Download PuTTY from here and open the application
- Type in the IP address in the “Host Name” field and change the port to “443”, ensure “SSH” is selected as the connection type and click “Open”
- You should be prompted with a security warning about the server's host key if you are connecting for the first time, click “Yes”
- Login using the credentials you specified in step 3b
Configure your router to port forward “443” from the internet to your newly created Linux server. If you don’t know how to do this then you shouldn’t be doing this at all, or at the very least you are going to struggle to get this going. There are many hundreds if not thousands of routers out there with different screens, so I cannot guide you through the process. If you have a manual for the router, please read it; if you don’t, find a manual for the router on the internet. Most routers have a web interface: open up your favourite internet browser and type in http://ipaddressofrouter. There will be settings under “Firewall” or “NAT” or something along those lines.
- Download PuTTY from here and open the application
- Type in the static IP address or the dynamic DNS name you set up in “Host Name” and change the port to “443”. Ensure “SSH” is selected as the connection type and click “Open” (same as when you connected from home).
- Expand “Connection” expand “SSH” and click “Tunnels” on the left hand side.
- Put “6667” into the “Source Port”
- Select “Dynamic” if not already selected
- Select “IPv4” if not already selected
- Click “Add”. You should now have an entry in “Forwarded Ports” as “4D6667”
- Go back to “Session” on the left hand side
- Type in a name you would like to save your session as in “Saved Sessions” and click “Save”
- Double click on the saved session to establish a new connection home
- Click on “Yes” to accept the server's host key
- Log into server
Once you have a connection established you can leave it logged in to allow the traffic to be passed. What I do is run a ping in that session to anywhere on the internet, most of the time just to google.com or the like. This ensures the session will not time out. If you just run the ping google.com command it will run continually until you press Ctrl+C to stop it.
Now for the easier part, configuring your browser….
Configuring the Browser
Okay so I am assuming you are using Microsoft Windows in this case as most companies have Microsoft Windows installed on their desktops.
I recommend not using Internet Explorer for this, as you can keep using that browser to connect to your office intranet etc. Download Mozilla Firefox. I am going to use it in this example; as at 21st June 2013 it is version 21.0.
- Open Mozilla Firefox
- Click on “Tools” and “Options” at the top
- Click on the “Advanced” tab
- Click on the “Network” tab
- Click on “Settings”
- Click on “Manual proxy configuration”
- Remove anything in the fields with “0” as the ports
- Add “localhost” in the “SOCKS Host” field and change the port to “6667”
- Change the radio button to “SOCKS v5”
- Make sure there is only “localhost, 127.0.0.1” in the “No Proxy For” field.
- Click “OK” on all dialog boxes
All done, try and browse to a website you usually wouldn’t be able to connect to from work. A good one is usually facebook.com
I cannot be held responsible for any misuse of this, this is for educational purposes only.