Bypassing a restrictive firewall with ssh dynamic port forwarding

To bypass censorship and get around a restrictive firewall blocking you from browsing certain web sites all you need is a shell account that is accessable via ssh on a machine that has a free and open connection. This could be another machine that you own, a friend's machine or even an account rented from an ISP. An example ISP offering shell accounts would be Panix. I'll use them for the rest of this example as I have a shell account with them and hence can easily test the example setup.

All you need to do is make use of dynamic port forwarding to simulate a SOCKS proxy. Here is how you would do it.

Make a ssh connection to the remote machine using dynamic port forwarding. (If the standard ssh port [22] is blocked then some accounts, such as Panix, will allow a ssh connection on another port, such as 80 or 443). For example, on a Windows machine I could connect to Panix by entering the following on the command line:
putty -ssh -D 4096 -P 80 shell.panix.com
In case you are not familiar with Putty* and its command line options I will break that down for you:

-ssh
Use the ssh protocol
-D 4096
Use dynamic port forwarding with 4096 as that port. (You could use any port number you like that is not already in use on your machine).
-P 80
Connect to the server on port 80 (this part may not be needed or your remote machine may not support it)
shell.panix.com
The server you are connecting to. In this example the panix shell server.

Note 1: You can also use the Putty graphical user interface. You do not need to use the command line! Once you have started Putty you can get to the port forwarding section via Connection -> SSH -> Tunnels. Then type 4096 (or any other suitable port number) in the Source Port box, click the Dynamic radio box and click the Add button.
Note 2: If you are using Linux or MacOS/X you could use OpenSSH as follows: ssh -D 4096 -p 80 shell.panix.com
In a browser that supports SOCKS proxies, go into the proxy configuration page and specify localhost and the port you dynamically port forwarded (in this example 4096). All traffic is now routed through Panix.
For example, in Firefox you can access the proxy settings here: Tools -> Options -> General -> Connections Settings. Then select the radio button for Manual proxy configuration. In SOCKS Host enter: localhost and in Port enter: 4096

Once you have this setup you can also configure any other internet application that supports SOCKS proxies to route their traffic through your secure link (e.g. instant messaging with GAIM).

*Putty is a free/open source telnet/ssh client for Windows. Here is the home page. All of the above can also be configured by the Putty GUI and saved as a 'session' if you prefer.

Those wanting to use BBC iPlayer from abroad should read this.