There’s this annoying thing that’s happening at work. It started with one or two sites being blocked from access while on the company network. It has grown to the point where standard, run-of-the-mill stuff is blocked. For instance, the Google image search for “Linux Mint XFCE” (I’ve been considering switching my work desktop to Mint) turns up results that are blocked by the network. Here’s a screenshot of the warning that a Linux Mint screenshot image link produces.
It would be one thing if I only ran into this “access denied” warning while browsing during lunch. But, this keeps popping up for work-related searches, including the recent issue of not being able to access a page about Python’s Twisted module because it … apparently … contained information about weapons.
Forwarding HTTP Traffic over SSH
So, what I’m going to do is to reroute all of my browser traffic over SSH and through a server that I administrate. Come to think of it, this is a safe solution for many situations (travels, working on sensitive data over an open wifi connection, etc.).
First, you need to have SSH access to a server that can act as a proxy for your web browser connection. I’m using a server that I’ll call proxy.myserver.com. We’ll set up the forwarding here. There are a few command options that we use for the ssh command here. Namely, the D option specifies a local application level port forward and the N tells proxy.myserver.com that we don’t want to interact… we’ll just open a connection in the terminal and let it sit there without a prompt. The real data transfer work is going to be done through the web browser.
Here’s how we set it up, forwarding port 9999 from my desktop to proxy.myserver.com, I enter the following in the terminal on my desktop.
$ ssh -ND 9999 email@example.com
After entering the password, it just sits there, which is exactly what should happen. Now, let’s set up the browser. I’m using Iceweasel (Firefox) on Debian. By entering the options menu at Edit->Preferences and finding our way to Advanced->Connection->Settings, we get the following menu.
By entering a manual proxy configuration with a SOCKS host, we will be able to utilize our SSH port 9999 connection.
Now, Firefox/Iceweasel will use the proxy connection through proxy.myserver.com to fetch any web traffic. If for some reason that connection dies, we’ll get a warning from the browser stating that the proxy isn’t accepting any connections.