Tuesday 3 August 2010

SSH peeping through the little cracks in the Great Firewall

One of the HPAMakers has gone to China for a couple of months. We don't tolerate internet filtering. In fact we hate it- they even block facebook :'(

So we decided to help him peep through the cracks of the great firewall. We tried Tor onion router. No go. We tried PHP proxies. No go. etc...
I lost patience at this point and gave him a locked down SSH account on our server and we just tunneled the web and IM traffic through it so he could enjoy tasty unfiltered internet just like they make it back home.

Server: Ubuntu Lucid OpenSSH
Client: Windows XP, putty + firefox portable
Here is a guide that should show you how get the same system working: howto

1. The basic idea was to setup a local SOCKSv5 proxy from putty(tunnels menu), settings: port 7071, dynamic, auto
Since we chose port 7071 so the proxy will run on the client as: 127.0.0.1:7071.
When the SSH connection is made serverip:port, the tunnels are created dynamically and hey presto we have unfiltered internet. Speedtest from lhopki01's end indicates he is getting about

2. Then tell firefox et al. to use proxy server 127.0.0.1 and port 7071.

Then you think: hey great I am done. This all makes sense I can get blocked pages up woohoo. Then you realise that the Chinese govenment have been poisoning and changing DNS records. So you shout: what the f^&"*"£ hell are they playing at!?!
Then you take the final step to make sure the DNS lookups happen back home too: http://home.wangjianshuo.com/archives/20100121_how_to_access_twitter_and_facebo
3. In Firefox, enter "about:config" into the address bar (Yes, it is a strange URL, just in the location where you typically would enter http://....) After click "I'll be careful. I promise" button, you will see a long list of configuration options started with Filter input box.
Enter "network.proxy.socks_remote_dns" (without quotation marks) into the Filter input box, and you will see a line with network.proxy.socks_remote_dns as Preference Name appears. Double click it so the Value field changes from False to True (and you will also notice the line becomes bold).