I’m probably going to regret showing how simple it is to get around firewall restrictions, but here it is. This is also a learning experience for administrators. The first thing you have to remember is that it is “all about the traffic”. A firewall blocks most traffic based on patterns. For demonstration purposes I am going to use IRC as an example due to it being blocked behind many firewalls.
First, you must realize that if you can Masquerade IRC to look like an accepted protocol then you GOT IT! This is how easy it is using a SSH tunnel AKA Shunnel.
- SSH Service to computer outside the firewalled network: Linux OpenSSH, Windows OpenSSH
- Putty (SSH client): download here
- One .BAT File (we will create this later)
Acquire an SSH service outside the firewalled network. You can use the SSH service for you web hosting or you can install one on a home computer using OpenSSH. If you are going to setup one at home I recommend using OpenSSH for Windows due to its simplicity and ease of setup (those of you that have Linux boxes feel free to use OpenSSH for Linux). Below are instructions for installing OpenSSH on a Windows Box.
Installing OpenSSH on Windows:
- Download the .zip file linked above and unzip it
- Run setupssh.exe
- Choose to install the client and the server
- Now open command prompt and move to C:\Program Files\OpenSSH\bin
- Once you are there type the following two commands separately: “mkgroup -l > ..\etc\group” then “mkpasswd -l > ..\etc\passwd”
- Now that the install is finished you must start your server. Open the command prompt and type “net start opensshd”. To stop the server type “net stop opensshd”. You can also create a .bat file with the start command and link it to the Windows Startup Folder if you would like for your server to start automatically on windows boot.
At this point you should have a SSH connection outside the firewalled network. If you set this up at home without a static IP I recommend creating an account at DynDns.org. They will provide you with a free domain name and a client to update your current IP when changed.
Download Putty to a Directory on your computer.
Open up Notepad and type the following line:
Putty -D 1080 -P 22 -ssh your.domain.com
“your.domain.com” is the domain of the computer outside the firewalled network that you’re ssh is hosted on. It can also be the IP address. Save this file as IRCshunnel.bat in the same directory as Putty.
Now you must configure your IRC client. We will be using mIRC for our IRC client. Click the option button or navigate to View-Options. Under “Connect” on the left sidebar click on “Firewall” and configure as follows:
Also, make sure that you fill in your information under “Connect”. Example as follows:
You have now done everything necessary to begin your chat on IRC. Initiate the session as follows:
- Click the IRCshunnel.bat
- It will open Putty and prompt you for a username and pass for the SSH connection. Enter your username name and pass.
- At this point you should have Putty open to a prompt on your ssh machine outside the firewalled network. Leave this open. DO NOT CLOSE IT!!! You can minimize it if you want to.
- Lastly, Open mIRC and connect to your favorite server.
Don’t be afraid to smile when you finally get to chat on IRC again. If you have any problems setting this up just leave me a comment and I will try to help you out.
If your firewall does not allow outgoing SSH or If you just want to show off, open the config file for you’re SSH server and edit it to listen on port 443 instead of 22. Then edit your batch file to the following:
Putty -D 1080 -P 443 -ssh your.domain.com
This will make your Shunnel appear as if it is a HTTPS connection which is allowed to pass on most all firewalls.
This Shunneling technique is not limited to IRC. It works with anything that allows a Sock4 or Socks5 configuration. You can create other .Bat files for Internet Explorer, Firefox, and other messaging clients. Configure their SOCKS proxy settings to point to server 127.0.0.1 and the port of your choice (make sure to edit the port in you .BAT file). You will then use the IP of your home computer when using these programs.