Evade firewalls with Firefox and SSH

Protect your communications with SSH.

If you've ever found your web surfing mojo cramped by a (corporate) firewall operated by a half-brained admin with a morality complex, this article is for you. Firefox and SSH allow you to bypass just about any proxy or firewall currently on the market to get to the outside world. As an added bonus you'll get to do it completely encrypted, so nobody on the network you're sitting on will be able to see where you're surfing.

The commands in this article work on any UNIX with OpenSSH installed, which includes Mac OS X. For Windows you'll need something like PuTTY and the procedure will be different, but the principle is the same so it should also work. Anyway, start your favorite terminal and enter the following magic command:

ssh -NCD 1080 yourname@yourserver

Yes, this implies you have someplace trusted to function as the endpoint of your tunnel. Luckily many consumer routers capable of running custom firmware such as Tomato, OpenWRT or DD-WRT can also furnish you with an OpenSSH server to use for this trick. So fill in your own username and hostname and hit the enter button.

What happens next is hugely underwhelming. Nothing at all should happen after you enter your password. The terminal should simply freeze up for the most part, but behind the scenes you'll have a fully fledged SOCKS5 proxy server running off port 1080 on your local loopback IP.

Set your browser to use a SOCKS5 proxy for every address, enter 127.0.0.1 as the address and 1080 as the port. Now surf to a site that displays the IP address you're connecting from. If all is well you should see the site and it should report the IP address of your tunnel's endpoint rather than that of the network you're on.

For complete confidentiality you'll need to set your browser to pass DNS requests through the proxy as well, or the owner of the client network will still know what sites you visit, just not what you're doing there. Push DNS through the tunnel as well and it'll be a complete black box until the traffic comes out from your home IP again.

Nasty proxy in the way?

Almost no corporate firewall allows you to go out through port 22, which is the default for SSH. Lucky for us, they usually do allow secure HTTP traffic over port 443. Make sure your home SSH server is running on port 443 and change to the following command:

ssh -NCD 1080 yourname@yourserver -p 443

Now your mileage may vary, but many of the simpler proxy servers will allow you to pass through in this way. This is because they already expect encrypted traffic on this port, so much of the proxying logic is turned off and the packets just get passed through. Excellent for our purposes, but it needs a little preparation on your server end to run it on port 443.

Tunnel your DNS requests through SSH

Firefox allows you to do your DNS lookups through the SOCKS proxy. In our case this will shield your browsing completely from any network sniffing between you and your home network. In your browser's address bar type about:config, accept the warning and find the setting network.proxy.socks_remote_dns. Set it to true and you're done.

Firefox network settings dialog.