Punch Through Your Corporate Firewall So You Can Do Your Damn Job!

I'm a network security administrator and this job requires that lock things down to a point where I can't even do my own job (damn I'm good, and yes I do know about exclusions). The idea is to be able to "backdoor" the network policies and protections to do your job, the purpose is not to "surf anywhere you want on the net without getting caught". Network policies are there for a reason, to protect network and computer resources from morons doing stupid crap and loading up their PC's with spyware. This is what you'll need:

• A Linux machine on the outside which has unrestricted access
• Broadband connection (you do not want to be surfing at 56k)
• SSH configured properly to support SOCKS proxy forwarding
• PuTTY client for Windows
• FireFox Web Browser (I'll tell you why this is important later)
  

This is the procedure on how it's done:

On your Linux Box:

1. Log into your machine
2. Change to root
3. Edit /etc/ssh/sshd_config
4. Add or uncomment a line that says "AllowTcpForwarding yes"
5. Near the top you may want to add another listen port in case you do something stupid and block yourself. That's done by adding single lines like this:

Port 22
Port 8022
Port 22222

Now it will listen on ports 22, 8022 and 22222, save your config file and restart the SSHd. If you ware running your Linux machine on a home network behind a router make sure you forward these ports to your machine on the inside.

On the Windows Side of things:

1. Download the PuTTY client
2. Run it
3. Type in the Internet address of your server.
4. Enter the port number you want to connect to (ie 22, 8022, 22222)
5. Make sure the SSH radio button is selected.
6. On the left, navigate down to Connection >> SSH >> Tunnels
7. In the "Source Port" box type in 10000
8. In the first set of radio Radio buttons select "Dynamic"
9. In the second set make sure "Auto" is selected
10. Click the "Add" button
11. Scroll all the way back up to "Session" and click it
12. Give the session something generic "my connection" is fine.
13. Click "Open" to start the session
14. Enter your username and password.

If you successfully logged in, your tunnel is now active and waiting for you to use it! Now we need to configure a web browser to use this connection. I'll use Firefox as the example because it does everything well and gives me s little protection from smacktards out there.

1. Download and install FireFox, if you can't install anything you should get the thumb drive version which doesn't require installation
2. Start Firefox
3. Go to "Tools" >> "Options"
4. Click the "Advanced" Tab
5. Where it says "Configure how firefox connects to..." click the "Settings..." button
6. Select the "Manual Proxy Configuration" radio button
7. In the "SOCKS Host" box type in "localhost"
8. In the port information for the SOCKS Host type in "10000"
9. Make sure "Socks v5" radio button is selected
10. Clear out the "localhost,127.0.0.1" entries in the "No Proxy for" box
11. OK your way back to firefox browser window

Now we need to tunnel DNS lookups as well to keep our own DNS server perstine; so we'll tell firefox to pump these DNS lookups through the SOCKS proxy:

1. In the address bar type "about:config" and hit enter, this will give you FireFox's configuration guts.
2. In the filter type in "dns", this will cut down the options so you don't have to go shuffling through a bunch of crap
3. Look for the option "network.proxy.socks_remote_dns"
4. Double click it so the value changes to "true"
5. Hit the home button to now you're loading your pages through the proxy.

Enjoy being able to do your damn job!