Browse securely and bypass a restrictive firewall

To bypass censorship and get around a restrictive firewall blocking you from browsing certain web sites, all you need is a dynamic port forwarding. As we have explained in this post:

Dynamic port forwarding is actually a SOCKS proxy. Once you have created a tunnel with dynamic port forwarding, you can configure the web browser to use that proxy.

Configure Firefox

  1. go to Edit -> Preferences -> General -> Network Proxy -> Settings...
  2. check "Manual proxy configuration"
  3. make sure "Use this proxy server for all protocols" is cleared
  4. clear "HTTP Proxy", "SSL Proxy", "FTP Proxy", and "Gopher Proxy" fields
  5. enter "127.0.0.1" for "SOCKS Host"
  6. enter "1080" (or whatever port you chose) for Port.

You can also set Firefox to use the DNS through that proxy, so even your DNS lookups are secure:

  • check the box "Proxy DNS when using SOCKS v5"

The SOCKS proxy will stop working when you disconnect your SSH session. You will need to change these settings back to normal in order for Firefox to work again.

System Proxy Settings (Mail.app, Safari, Google Chrome etc.)

Mail.app, Safari or Google Chrome uses your computer’s system proxy settings to connect to the network. Changing these settings will affect Mail.app, Safari and Google Chrome as well as other programs that connects to the Internet.

  1. Choose Apple menu > System Preferences, and then click Network.
  2. Choose the network service you use from the list, Wi-Fi, Ethernet or AirPort for example.
  3. Click Advanced, and then click Proxies.
  4. Select SOCKS Proxy, and then type “127.0.0.1” in the address field.
  5. Enter "1080" (or whatever port you chose) for port number field.
  6. Click "OK" then "Apply" button to make changes to take effect.

image

Configure Dropbox

  1. Choose Dropbox > Preferences…, and then click Network.
  2. Choose Proxies, and then click Change Settings… button.
  3. Select Manual in Proxy settings, and then select SOCKS5 from Proxy type, type “127.0.0.1” in the Server field, and type the port number of dynamic port forwarding in the port number field:

image

i’ve been using proxifier with core tunnel - I like not having to setup a socks proxy in every application that I which to tunnel.

As much as this is an excellent article, I find Core Tunnel to make my life a little bit difficult, in the sense that when I used SSH Tunnel, I needn’t have to configure SOCK proxy on my Mac. I just go into the browser (e.g. Firefox) and enable manual proxy.

With Core Tunnel, I have to enable SOCK proxy in the system preferences which then breaks my other applications that I don’t intend to proxy their traffic.

Could this be investigated and fixed to make it seamless like we had before. In all great tooling. :slight_smile:

You don’t have to enable proxy in system network preferences in order to work with Firefox. The key is set type to SOCKS v5, clear other proxy types and enable “Proxy DNS”.

Great and it appears the issue is fixed. What I noticed is you haven’t set the tunnel IP and port in the HTTP Proxy section which I had and also ticket the option “use this proxy server for all protocols”.

I copied your config above and all seems OK. Kudos +1

All hail Core Tunnel. :slight_smile:

1 Like

Hi, I’m wondering whether there is a function to add a white-list for the socks proxy to only use the proxy for specified websites, like what can be done using SSH-Proxy. Or are there any workarounds for that?

No such function for the moment, and please make a new post in Request Feature category if you feel the feature is an essential part.