Introduction: Bypass Filtering Systems on Pcs Without the Insecurities of TOR (the Onion Router) or Tunneling Internet Over SSH

Picture of Bypass Filtering Systems on Pcs Without the Insecurities of TOR (the Onion Router) or Tunneling Internet Over SSH

After reading a post about the onion router (tor) that allows you to bypass censorship without being tracked I was amazed. Then I read that it wasn't very secure as some nodes could input false data and bring back the wrong pages.

I thought to myself, there must be a better way than this, then I remembered there was. I know use this every day at school for browsing and so far haven't had any problems and its 100% secure.

Read on for more!

Step 1: What You Will Need.

What you will need to make this possible:
A pc running linux (I use ubuntu server 8.04)that is outside the censorship, in my case, at home, and is connected to the internet.

A second pc that you will work from at school running either linux or windows. It may work with mac os but i haven't used it so I don't know.

An internet connection for both the second being the filtered one.

Some basic knowledge of your OS also helps but ill put in all the commands to make it easier.

Step 2: Setting Up the First Machine,

Picture of Setting Up the First Machine,

Ok so when your sat at the first computer you firstly need to install SSH. To do this login, then in the commandline or a console window type "sudo apt-get install openSSH-server" without the quotation marks.
It will then ask you to re-enter your password then y (for yes) to install. Once is is done the SSH deamon will start automatically when you start the machine up.
You can leave it at this but I recomend changing some of the settings to increase security and make it more likely to work.

To do this you need again to open a console window or from the commandline and type in "sudo nano /etc/ssh/ssh-config"
This will open a basic text editor for the configuration file.
Scroll down untill you find "hostbasedauthentication" and change the value to no, then scroll futher to find "port" change this to a random port that you will remeber and finally "tunnel" and change this to yes. Then exit the text editor (ctrl+x) then y to keep changes then enter. Then restart the computer and that is the first computer done.
You can make other changes to the configuration file but it isn't needed for just this.

The 3 things changed, if your interested, are to dissable the root from logging in via ssh, to change the port number connections are made on and to allow our webtraffic to be tunneled through it.
Its best to chose a port number that you know isn't blocked like 80 or 443 etc.

Step 3: The Second Computer (the One Affected by the Filtering)

Picture of The Second Computer (the One Affected by the Filtering)

On my computer I use windows and all that school pcs are windows too.

The first thing to do is download firefox (if not installed already) and a program called Putty. These can oth be installed to the pc itself orportable editions are also available to run of usb drives, which is probably better for those who use more than one pc. These can be found by simply entering their names into google.

Install both Putty and Firefox, then open putty.
You should get a window as shown in the first picture.
Next you need to configure it to connect to your first computer.
Type in the IP address and the port number into the two boxes and seclect the SSH button.
In the left hand bar towards the bottom there is a menue called ssh under connection. There is then an option called tunnels select it and a window like this will now be shown.
Type 7070 into the source port and select the dynamic and auto radio buttons and click add. You can now go back to session and save the setup for future use.

If you now click open, all being well, a black window will open and login as: will be displayed. Login now as you would normally if you were sat infront of the first computer.

You can now minimise this window.

Step 4: Configuring Firefox to Connect Through the Ssh Tunnel You Have Just Opened.

Picture of Configuring Firefox to Connect Through the Ssh Tunnel You Have Just Opened.

Open firefox then go to Tools, options, advanced.
Under the nework tab click settings.
Click the manual proxy config button and set it up like it is shown in the picture ( port 7070, socks v5)
Ok, then ok again.
If everything has worked you ar now free to use any site you want regardless if it is filtered or not without any issues!
The best bit is it is 100% secure and untracable!

Yes it does take a bit longer to set up then TOR but it can be easily moved about from filtered pc to filtered pc if you use the portable editions, and you wont get any dummy results:)

Step 5: How It Works.

Picture of How It Works.

Basically, You are telling firefox to connect to the local machine you are using on port 7070 under the SOCKs v5 protocol.
Then Putty "sees" this request to connect to port 7070 and then campsulates the data and encrypts it and sends it down the tunnel, through the internet to your home PC. This computer then unpacks the data and decrypts it and carrys out the request (i.e. fetches the webpage you requested). The whole process then happens inreverse to get the page back to you. (encrypted, tunneled, decrypted and sent back into firefox)

As only you will be using it, it is much faster than than TOR and more secure as it is your own computer!
The best part is if they somehow find a way to block it you an easily change the port you do the ssh connection on and this should free it up. (not the 7070 that the tunnel is on)


DanielB321 (author)2016-02-26


skywiz (author)2013-04-27

Thanks, I read about reverse SSH tunnelling somewhere, but this helped me understand the concept, Great Work ..

mattbeddow (author)skywiz2013-04-27

Glad it helped, ive since found that this can be used for may other purposes than just the internet, i now tunnel most things over ssh, including but not limited to FTP, but mainly FTP

skywiz (author)mattbeddow2014-01-18

Just before I forget, add a country check statement please, tried this in a hotel in Saudi Arabia and within 5 minutes had a guy in green uniform knocking my door, Later found that SSH is banned in some countries....

skywiz (author)skywiz2014-01-18

As a airline crew, I end up frequenting a few countries not my wish list but still ..

tarkhorani (author)2009-07-10

Very Good instruction works for me. Thank you!

mattbeddow (author)tarkhorani2010-01-06

Glad it was of some use to you :)

wee_man (author)2009-04-12

hey i was wondering does this keep the connection from the filtered comp and the server comp open all the time. Because my friend has a limit that he cant go on after 9pm but i figured that the router just won't allow any new connections from his comp to the internet.

mattbeddow (author)wee_man2010-01-06

It keeps the connection open untill you close the putty window or something else closes it. Im not sure what system is in place to stop your friend going online after 9. COuld be the isp cutting the connection or the router or even a program on the pc stopping web use. you would need to find out which it is to start rectifying the problem

Sandisk1duo (author)2008-07-06

Awesome, too bad i have Vista, or i would totally do it!

mattbeddow (author)Sandisk1duo2008-07-07

im fairly sure it works on vista too.

Sandisk1duo (author)mattbeddow2008-07-07

is ther any way you can change your ip while doing this?

dla888 (author)Sandisk1duo2009-04-16

TOR: Google it on the internet and you will get a link to a site.

keastes (author)dla8882010-01-05

and more often than not it will work to bypass the filter, I use it, althouogh it failes 30% of the time

mattbeddow (author)keastes2010-01-06

yeah the problem with TOR though is you bounce between hundreds of pcs to get anonimity but if any one of those computers is sniffing your traffic they can find out all sorts of stuff, hence the need for this instructable. And it works 99% of the time :P

mythbusterma (author)Sandisk1duo2008-10-18

that is no matter as to the fact that ubuntu is free, and extremely easy to dual-boot, so just make a cd give it 10 gigs of your hd and you now use ubuntu

Sandisk1duo (author)mythbusterma2008-10-18

i only have 30gb free of my 120gb hdd

mythbusterma (author)Sandisk1duo2008-10-18

thats ok, unbuntu can run on like 4gb if you really need to

Sandisk1duo (author)mythbusterma2008-10-19

what if i want to boot but not add anything to the hard rive (run everything on ram)?

just make a Virtual machine.
I havent done it with Ubuntu. But I did it on my Vista machine. I made a Virtual Windows XP machine. Its tight, and i know for a fact that you can do it with Ubuntu.
Download VirtualBox for the sun microsystems site. and install it.
I think their is an instructable on this site on how to run Virtual machine.
Hope this helps =]

mythbusterma (author)Sandisk1duo2008-10-19

running it on ram would be the incorrect term it would be a boot cd and that is the standard for ubuntu

Sandisk1duo (author)mythbusterma2008-10-19

you got a link?

mythbusterma (author)Sandisk1duo2008-10-31

bittorrent or standard?

and also would you like 32-bit or 64?

Sandisk1duo (author)mythbusterma2008-10-31

umm... bittorrent i don't know about 32-bit or 64-bit what comes standard on bad computers? >2gb ram, 2ghz

mythbusterma (author)Sandisk1duo2008-11-17

here is your link

MAKE SURE you make the cd a image not just write the file to the cd use magic iso or something like that

mattbeddow (author)Sandisk1duo2008-10-31

I dont know a huge amount about live cds of linux distros but im fairly sure you cant add software to them once theyre made so you would either have to install it to your hdd (ive got a ubuntu distro running on my eeepc and it is only using under 2gb) or get a distro with the required software already on it.

tarkhorani (author)2009-07-10

I have a question. do you know any software free or commercial that we give it the 1st Computer IP and the port and click a button to connect to it and all programs connect to it other than firefox also

mattbeddow (author)tarkhorani2010-01-06 will give you a text based address to get your home ip (eg instead of but it wont actually connect anything.
Putty will connect to it and open the ports specified to it, then you need to configure all your programs to work connect to yourself on port 7070 to work.
I dont know of any software that will do this for you im affraid

keastes (author)tarkhorani2010-01-05

use a host name from or simalir

KiloVision (author)2008-10-08

FYI, this technique does route the http requests to your home machine via SSH. However, the DNS requests are still processed by the machine you are on (at work, school, or whatever). While the filtering system will be bypassed, your school's or work's DNS records will show where you went.

Pie Ninja (author)KiloVision2009-09-17

Who cares, it's not like they're constantly monitoring that. And even if they do find out your going on unfiltered sites, they won't know how.

About This Instructable



More by mattbeddow:Fix Your Frozen Zune 30!!Bypass filtering systems on pcs without the insecurities of TOR (the onion router) or tunneling internet over SSHPalm Os device to work as a LCD status display. (now with pictures!)
Add instructable to: