Sunday, January 09, 2005

 

SNMP Computer Networking TCP/IP C++ Linux Unix Windows Solaris VoIP Security



Introduction:

Almost all companies, colleges and schools limit internet access by blocking specific types of sites and applications. Millions of websites are considered adult in nature and should not be viewed at the workplace. Some organizations block instant messengers (e.g. Yahoo Messenger, MSN Messenger, Rediff Bol, Indiatimes Messenger, Chikka, AOL Messenger, IRC chats). Most office PCs are behind a firewall and are allowed to access the internet via an HTTP proxy server only. This means you can go to some websites, but you cannot reach your office PC from outside. Some companies provide an alternate way to access the office PC from home via an official VPN connection. But sometimes we want to access a website and find that it is blocked by the office firewall, and it is really irritating when we want to talk to our friends and that is blocked by the firewall. I believe in unrestricted access to the internet, and you are reading this document so I assume you also believe in the same.

How office/college/school restrict internet access?

If you already know this, then you can skip this section. Mostly they use a firewall to restrict internet connections. This firewall can be a software firewall or a hardware firewall; for this discussion it does not matter which. Internet connections work on the basis of IP addresses and port numbers. When we access a website using its name, such as www.google.com, internally the name is converted into numbers, something like 202.123.123.404. So when you access www.google.com the firewall knows that you are accessing something at 202.123.123.404, and now it is in the hands of the firewall whether it allows you to reach that address or not. The firewall has rules, and depending on these rules it allows communication with websites. Some firewalls work by looking at the contents of the website and decide, based on the content, whether the site is allowed or not. This explains how they restrict websites.

To communicate with other computers one should know both their names (such as www.google.com) and their service numbers (that is, port numbers). For example, when you use Yahoo Messenger, it typically contacts Yahoo on scs.msg.yahoo.com, on port number 5050. So the firewall can prevent this messenger from making a connection between your PC and the Yahoo server. The firewall can allow some ports and restrict others, as defined by the network administrator.


What is the concept behind bypassing firewall?

From the office we can go to www.google.com, and I assume that you can reach your home using your home IP address. We will create a tunnel from office to home. From home we can go wherever we want on the internet. The following picture will explain it.





What we need to bypass firewall?

You need the following:

1. I assume you are using a Windows machine.
2. An office PC with internet.
3. An outside PC with internet which you can reach.
4. Software for creating the tunnel. This is free software, so you don't need to pay for it.
5. Download an SSH server and client and install them on both PCs.
6. The SSH server can be downloaded from http://www.openssh.com/
7. Install the SSH server on both PCs.
8. For installation, refer to the documentation on the site.
9. Ensure that you have created a user name and password for accessing your SSH server.
10. Links to free SSH clients are available on the OpenSSH website, or you can download the popular SSH client PuTTY from http://www.putty.nl/download.html
11. PuTTY does not need any installation. Just download it and run it.
12. If your office allows you to go outside on port 22, then you do not need to do anything on the SSH server.
13. But if your office does not allow you to go outside on port 22, then you need to configure the SSH server to run on either port 80 or port 443, at your home PC only.
14. To configure the server, locate the sshd_config file, find Port 22 and replace it with Port 443 or Port 80, save the file and restart the SSH server.
15. For SSH client configuration at the office side, refer to the following snapshots.
16. When you run put

20. Click on Tunnels and you will be at the following screen.

21.
22. In this screen:
23. In Source Port you can write any number above 1024, for example 2009.
24. In the Destination you need to write the IP address of your machine from where you can go outside and its port, let's say port 8080. Now the screen will look like this:

25.

26. Now press Add, and click on Session in the left panel.

27.

28. Enter your home IP address or domain name in the Host Name box, and in the Port box specify 443 or 80, whichever port the SSH server is running on at your home.
29. Now click on Open and you will get something like the following screen.

30.

31. Click on Yes, and you will get

32.

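33. Enter your user name and password.
34. You will get the command prompt of your home PC.

This process will make a tunnel from your office to your home. Now we need to set up a proxy server at your home so that you can use it to access websites.

Download Apache, which is available free on the internet and can act as a proxy, and set its port to 8080, the destination port used for the tunnel above.
At your office you need to change your proxy server to 127.0.0.1 and the port number to 2009.
Now you can access any website through the tunnel. The traffic between the office PC and the home PC travels inside the encrypted SSH session, so nobody on the office network can see what you are accessing over the net; what remains visible is the SSH connection itself, going to your home address on port 443 or 80.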
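Seen from the network administrator's side, the setup above is an SSH session on a port that normally carries HTTP or TLS, and SSH announces itself in clear text with an "SSH-" identification string (RFC 4253) before encryption starts. The following is an added example, not part of the original post, that flags such port/protocol mismatches; the flow record layout, addresses and the client version string are constructed for illustration.

```python
# Added example: flag flows whose first client bytes do not match the
# protocol expected on the destination port (e.g. SSH on 443 or 80).
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ", b"PATCH ")
# Assumed site policy: which protocol each port is meant to carry.
EXPECTED = {22: "ssh", 80: "http", 443: "tls", 8080: "http"}

def classify(first_bytes: bytes) -> str:
    """Guess the application protocol from the first bytes a client sends."""
    if first_bytes.startswith(b"SSH-"):      # SSH identification string
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

def find_mismatches(flows):
    """Return the flows whose observed protocol differs from the expected one."""
    alerts = []
    for flow in flows:
        seen = classify(flow["first_bytes"])
        want = EXPECTED.get(flow["dst_port"])
        if want is not None and seen != want:
            alerts.append({**flow, "seen": seen, "expected": want})
    return alerts

# Constructed sample flows (private and RFC 5737 documentation addresses).
SAMPLE_FLOWS = [
    {"src": "10.0.0.15", "dst": "198.51.100.7", "dst_port": 443,
     "first_bytes": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc"},
    {"src": "10.0.0.23", "dst": "203.0.113.9", "dst_port": 443,
     "first_bytes": b"SSH-2.0-ExampleClient_1.0\r\n"},
    {"src": "10.0.0.31", "dst": "198.51.100.7", "dst_port": 80,
     "first_bytes": b"GET / HTTP/1.1\r\n"},
    {"src": "10.0.0.23", "dst": "203.0.113.9", "dst_port": 80,
     "first_bytes": b"SSH-2.0-ExampleClient_1.0\r\n"},
    {"src": "10.0.0.40", "dst": "192.0.2.50", "dst_port": 22,
     "first_bytes": b"SSH-2.0-ExampleClient_1.0\r\n"},
]

if __name__ == "__main__":
    for a in find_mismatches(SAMPLE_FLOWS):
        print(f'{a["src"]} -> {a["dst"]}:{a["dst_port"]} '
              f'carries {a["seen"]}, expected {a["expected"]}')
```

Only the two SSH sessions on ports 443 and 80 are reported; the TLS, HTTP and port 22 flows match their expected protocol.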
