Getting Around a College Firewall and Bandwidth Throttling

My college, like most others across America employ a restrictive firewall and limit bandwidth for certain file transfers. YouTube in particular is severely limited on my campus making viewing virtually impossible on weekends and painfully slow any other time. Fortunately though, I learned a little more about the network setup and how they prioritize different kinds of network traffic and tunneled my way out to achieve surprisingly snappy YouTube playback and unrestricted access to the internet. Although tunneling is not new, encryption adds a twist to the process and was needed to avoid recognition and limiting of streaming media by the packet inspector.

Quick Overview

I’ll walk you through setting up an encrypted SSH tunnel and a local SOCKS server to route traffic through.


Server Setup

My method requires that you have a very fast remote computer that is running an SSH server. Not necessarily beefy as far as processing power goes but you will need loads of fast bandwidth if you’re routing all of your internet traffic through it. Just remember that if you can get through your institution’s throttler, you may be limited by the speed of your server. I suggest a base dedicated-virtual server from MediaTemple which comes preinstalled with everything you need as well as ample horsepower and bandwidth. In fact that is what I personally use.

Client Setup

Setting up an encrypted SSH tunnel and SOCKS server is extremely easy on Mac OS X.

Open Terminal (quick tip: Mac OS X Leopard Terminal Icon) and type in the following command: ssh -N -p 22 -g -c 3des -D 1080 username@ipaddress

Replace the red part with your own server information. That’s it! You should now have established an SSH tunnel and a local SOCKS server on port 1080.

Application Setup

You will now need to reconfigure your applications to use the local SOCKS server. This process will be different for every application and not all support SOCKS but I will run through Safari and Firefox since these are probably going to be the most used applications.

Firefox Configuration (Version 2)

First, open Firefox preferences and go to the Network Tab in the Advanced section and click on Settings. This will open the proxies configuration page. Next, choose Manual proxy configuration and enter for the SOCKS host and 1080 for the Port. You can add any addresses that you do not want to run through the proxy in the No Proxy box. Finally, click OK and close preferences and you should be all done!

Firefox Advanced Preferences Window Firefox Proxy Configuration Page

Safari Configuration (Version 3)

First, open Safari preferences and go to the Advanced Section and click on the Change Settings button next to Proxies. This will open your network settings in System preferences. Go to the proxies section if you were not placed there automatically. Next, choose to configure proxies manually from the drop down list and more setting swill appear. In the protocol section, check the box next to SOCKS Proxy. Then, in the FTP Proxy Server box enter and 1080 in the following box. Like firefox, you can enter any addresses that you do not want to run through the proxy in the Bypass proxy box. Finally, Click OK and close Safari preferences and should be all done!

Safari Advanced Preferences Safari Proxies window

Command Breakdown

Here’s a quick overview of what each part of the command is doing. If you want super detailed information, refer to the man pages.

ssh : executes secure shell client
-N : Since this is not a typical shell connection, tell the client not to execute any remote commands
-p 22 : The port to connect to on the remote server. The default is 22 so technically this is not needed.
-g : This allows remote hosts to connect to you, useful for two way transfers such as bittorrent.
-c 3des: Use3des encryption
-D 1080: Setup a SOCKS server on port 1080

6 comments… add one
  • hayden Sep 9, 2009 Link Reply

    thank you for this I appreciate when somebody comes up with a good methods or workarounds, I was considering doing this and now you just made my day easier.


  • Jon Stacey Oct 16, 2008 Link Reply

    The Windows article is on it’s way along with a string of other Windows related articles now that it’s midterm.

  • Corey Oct 16, 2008 Link Reply

    Where is the workaround for Windows?

  • Daniel Craig Sep 19, 2008 Link Reply

    Hi there, I was looking around for a while searching for advanced encryption and I happened upon this site and your post regarding Around a College Firewall and Bandwidth Throttling at Jon’s View, I will definitely this to my advanced encryption bookmarks!

Leave a Comment

Cancel reply

Time limit is exhausted. Please reload CAPTCHA.