
Bypass Firewall

This method uses an SSH tunnel to forward any port from one side of a firewall to the other side (assuming the firewall has the SSH port [22] open, which it often does). Below is one of many examples of how you can use an SSH tunnel to bypass a firewall or Internet proxy to surf the Internet freely.


You are blocked or limited from surfing the Internet freely (A) because there is a firewall or an Internet proxy (B) between you and the free Internet that blocks or limits your Internet access. However, you have an SSH account on an SSH server (C) outside of your limited network, and you want to use it to surf the Internet freely without being monitored by the people on your network.

What you need:

  1. PUTTY.EXE software for Windows that can be downloaded here. Mac OS X, Linux and UNIX users can use their built-in SSH client software (command line; see Test SSH Connection for more setup information and skip Set Up PUTTY Software to Do SSH Dynamic Port Forwarding).
  2. An Internet browser that supports SOCKS, like FireFox (recommended), Internet Explorer or Safari.
  3. An SSH account outside of your limited network. If possible, get an SSH account from a college or university in the United States, because such an account is reliable and less restricted, and the bandwidth to and from their server is great.
  4. If your limited network has a firewall that blocks all traffic except web traffic (http and https, which default to port 80 and port 443), then you need an SSH server outside your limited network that listens on port 443 instead of the SSH default port 22 to bypass this firewall.
  5. Time: 30 minutes

What we will do:

  1. Set up PUTTY software to do SSH dynamic port forwarding
  2. Test SSH connection
  3. Set up Internet browser (I will use FireFox) to use SOCKS proxy
  4. Test our setup

I) Set Up PUTTY Software to Do SSH Dynamic Port Forwarding

  1. Launch Putty

  1. In the Saved Sessions box, type in a name that you want. I named mine FREEDOM. In the Host Name (or IP address) box, type in the name or IP address of the SSH server that you have an account with. The default port is 22; however, if your limited network's firewall blocks port 22, you need an SSH server outside of your network that listens on the alternate port 443, and here you would use port 443 instead of the default port 22. Otherwise, just use the default port 22 as shown below.

  1. Now, click the Save button located between the Load and Delete buttons.

  1. Select Connection and change your settings so they look like the options shown below (Seconds between keepalives is 60, Enable TCP_keepalives and IPv4).

  1. Select SSH and change your settings so they look like the options shown below (2 only).

  1. Select Tunnels and change your settings so they look like the options shown below (Source port 443, Dynamic and IPv4).

  1. Now, click the Add button that is next to 443. After you click Add you will see a similar window as shown below

  1. Now, this is important. We need to save all the changes that we have made so far. To save all the changes, select Sessions and click the Save button again. If you don’t do this step, all the changes that you have made so far will be lost.

II) Test SSH Connection

  1. From the above window, click Open or double-click on FREEDOM. When prompted, enter your SSH username and password.

  1. Once you have logged in successfully, minimize this window (don’t close it) or just leave it open.
  2. If you are using Linux, UNIX or OS X, use the following command line:

       ssh -2D 443 your_username@your_ssh_server

The -2D option tells the ssh client to connect to the ssh server using ssh protocol version 2, which is more secure than version 1, and to listen on your computer on dynamic port 443. On most Linux and UNIX systems, listening on a port below 1024 such as 443 requires root privileges. Substitute your_username and your_ssh_server with your ssh username and the ssh server that you have an account with. Make sure your ssh client supports SOCKS 5; if not, upgrade or use an ssh client that supports SOCKS 5, otherwise this whole setup will not work.

If you can’t log in, go back and check the steps above, make sure you followed the instructions correctly and completely, and make sure you entered the correct username and password. DO NOT continue with the steps below until you have successfully logged in to your SSH server here.

III) Set up FireFox/Internet Explorer to Use SOCKS

  1. Launch FireFox, then click Tools and select Options; you will see a similar window as shown below. (I strongly recommend that you use FireFox as your primary Internet browser; however, if you use Internet Explorer, click Tools and select Internet Options. Under the Connection tab, click LAN Settings. Check the box "Use a proxy server for your LAN" and click Advanced. After clicking Advanced, under Proxy Settings, for Socks only, type in and 443 for Port.)

  1. Click Connection Settings and change your settings so they look like the options shown below (SOCKS Host and Port 443), and click OK when you are done.

IV) Testing

Make sure you close PUTTY and FireFox completely, then:

  1. Launch PUTTY first and double-click on FREEDOM to connect to your SSH server.
  2. After you successfully authenticate to your SSH server, leave this PUTTY window open. You can minimize it, but don’t close it.
  3. Launch FireFox and surf the Internet freely. If you can’t surf the Internet, check your FireFox settings again and repeat this test.

NOTES: The method shown above not only allows you to bypass the firewall, it also encrypts your traffic between your computer and the SSH server so that it cannot be monitored on your network, hides your computer's IP address when you surf the Internet (sites will see your SSH server's IP address instead), and can be used with any application that supports SOCKS 5, such as the Gaim instant messaging (IM) client.
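The setup above works because the firewall filters on port number alone, which is why item 4 asks for an SSH server on port 443. Seen from the network owner's side (an added example, not part of the original page): SSH sends a cleartext identification line (RFC 4253, section 4.2) before any encryption begins, so checking the first bytes of each flow against the protocol expected on its port exposes SSH running on 443. The EXPECTED policy table, the flow tuple layout and the sample flows are assumptions constructed for illustration.

```python
import re

# RFC 4253 sec. 4.2: "SSH-protoversion-softwareversion[ comments] CR LF"; re.M allows earlier banner lines.
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: [^\r\n]*)?\r?\n", re.M)
HTTP_REQ = re.compile(rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n")
# Assumed site policy: protocol expected on each destination port.
EXPECTED = {22: {"ssh"}, 80: {"http"}, 443: {"tls"}}


def classify(payload: bytes) -> str:
    """Name the protocol from the first bytes one side of a TCP flow sent."""
    # TLS record header: content type 22 (handshake), major version 3, minor 0-4.
    if len(payload) >= 5 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    if SSH_ID.search(payload[:512]):
        return "ssh"
    if HTTP_REQ.match(payload):
        return "http"
    return "unknown"


def ssh_banner(payload: bytes):
    """Return (protocol version, software version) from an SSH identification line."""
    m = SSH_ID.search(payload[:512])
    return (m.group(1).decode(), m.group(2).decode()) if m else None


def review(flows):
    """Return flows whose observed protocol is not the one expected on the port."""
    findings = []
    for src, dst, dport, client, server in flows:
        seen = {classify(client), classify(server)} - {"unknown"}
        allowed = EXPECTED.get(dport)
        if allowed is not None and seen and not seen <= allowed:
            findings.append((src, dst, dport, sorted(seen), ssh_banner(server)))
    return findings


# Constructed sample flows (src, dst, dport, first client bytes, first server bytes).
FLOWS = [
    ("192.0.2.10", "198.51.100.7", 443, b"\x16\x03\x01\x00\xc8\x01", b"\x16\x03\x03\x00\x5a\x02"),
    ("192.0.2.23", "203.0.113.5", 443, b"SSH-2.0-PuTTY_Release_0.60\r\n", b"SSH-2.0-OpenSSH_5.3\r\n"),
    ("192.0.2.10", "203.0.113.9", 22, b"SSH-2.0-OpenSSH_5.3\r\n", b"SSH-2.0-OpenSSH_5.3\r\n"),
    ("192.0.2.31", "198.51.100.80", 80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n", b"HTTP/1.1 200 OK\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in review(FLOWS):
        print("protocol/port mismatch:", finding)
```

Only the first packet in each direction is needed, so the same check fits a flow-export or IDS preprocessing stage.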


Copyright 2006 - 2010 AngelTech.US