Getting Around a College Firewall and Bandwidth Throttling

My college, like most others across America employ a restrictive firewall and limit bandwidth for certain file transfers. YouTube in particular is severely limited on my campus making viewing virtually impossible on weekends and painfully slow any other time. Fortunately though, I learned a little more about the network setup and how they prioritize different kinds of network traffic and tunneled my way out to achieve surprisingly snappy YouTube playback and unrestricted access to the internet. Although tunneling is not new, encryption adds a twist to the process and was needed to avoid recognition and limiting of streaming media by the packet inspector.

Quick Overview

I’ll walk you through setting up an encrypted SSH tunnel and a local SOCKS server to route traffic through.

Requirements

• Mac OS X or *nix variant (see Windows guide)
• Fast remote server

Server Setup

My method requires that you have a very fast remote computer that is running an SSH server. Not necessarily beefy as far as processing power goes but you will need loads of fast bandwidth if you’re routing all of your internet traffic through it. Just remember that if you can get through your institution’s throttler, you may be limited by the speed of your server. I suggest a base dedicated-virtual server from MediaTemple which comes preinstalled with everything you need as well as ample horsepower and bandwidth. In fact that is what I personally use.

Client Setup

Setting up an encrypted SSH tunnel and SOCKS server is extremely easy on Mac OS X.

Open Terminal (quick tip: ) and type in the following command: ssh -N -p 22 -g -c 3des -D 1080 username@ipaddress

Replace the red part with your own server information. That’s it! You should now have established an SSH tunnel and a local SOCKS server on port 1080.

Application Setup

You will now need to reconfigure your applications to use the local SOCKS server. This process will be different for every application and not all support SOCKS but I will run through Safari and Firefox since these are probably going to be the most used applications.

Firefox Configuration (Version 2)

First, open Firefox preferences and go to the Network Tab in the Advanced section and click on Settings. This will open the proxies configuration page. Next, choose Manual proxy configuration and enter 127.0.0.1 for the SOCKS host and 1080 for the Port. You can add any addresses that you do not want to run through the proxy in the No Proxy box. Finally, click OK and close preferences and you should be all done!

Safari Configuration (Version 3)

First, open Safari preferences and go to the Advanced Section and click on the Change Settings button next to Proxies. This will open your network settings in System preferences. Go to the proxies section if you were not placed there automatically. Next, choose to configure proxies manually from the drop down list and more setting swill appear. In the protocol section, check the box next to SOCKS Proxy. Then, in the FTP Proxy Server box enter 127.0.0.1 and 1080 in the following box. Like firefox, you can enter any addresses that you do not want to run through the proxy in the Bypass proxy box. Finally, Click OK and close Safari preferences and should be all done!

Command Breakdown

Here’s a quick overview of what each part of the command is doing. If you want super detailed information, refer to the man pages.

ssh : executes secure shell client
-N : Since this is not a typical shell connection, tell the client not to execute any remote commands
-p 22 : The port to connect to on the remote server. The default is 22 so technically this is not needed.
-g : This allows remote hosts to connect to you, useful for two way transfers such as bittorrent.
-c 3des: Use3des encryption
-D 1080: Setup a SOCKS server on port 1080