Bypass almost any firewall with an SSH tunnel on port 443


How to set up a SSH tunnel proxy that will bypass most firewalls that aggressively block ports other than those used by HTTP and HTTPS traffic

Recently, I told how to set up and surf through an SSH tunnel that would bypass a firewall at a public library that blocks out what may be considered objectionable content.

After writing that howto, I came to realize that some firewalls block port 22, which is needed for those instructions to work.

The easy way around a firewall that blocks port 22 when you need to create an SSH tunnel is to configure your SSH server to use a different port, one that the firewall you're behind will allow traffic to pass through.

Port 443 is a good alternate choice for your SSH server to listen to. It's not blocked by almost any firewall because it is commonly used for web pages that use the HTTPS protocol.

When you set up your Linux OpenSSH server to listen to port 443, you should have no problem creating a SSH tunnel that you can use as a proxy so that you can surf the web privately and without restriction.

What follows is how to do it

Configure the SSH server to listen on port 443

Log in to the computer that has OpenSSH server installed and edit the file /etc/ssh/sshd_config , adding on a new line, the te

Port 443

That's the only edit you'll have to make. Now restart your SSH server with the following command, and run it with root privileges:

/etc/init.d/ssh restart

Now that you've restarted the SSH server with the new settings, you should be able to now log in to your server on port 443 like this:

ssh username@yourserverip -p 443

If everything is fine, then you're good to go and you can configure Firefox to use this connection as an SSH tunnel proxy.

If it's not working for you, then check to make sure that Apache or another web server isn't using port 443. Also, make sure that your router is set up to allow traffic on port 443 to be directed to your SSH server.

Configuring the proxy in Firefox

If you've got your remote machine set up to allow SSH connections on port 443, then you can proceed to create a SSH tunnel and then set up Firefox to use that tunnel, thus bypassing any filtering of a fascist firewall.

Create the tunnel

Run the following command to create an SSH tunnel to your machine on port 443:

ssh -D 9999 -C YourUsername@YourServerIP -p 443

The '-C' option just adds compression to the connection. Once you've successfully connected using the above command then you're ready to set Firefox's proxy configuration.

Configuring Firefox to use the Proxy

  1. In Firefox, go to Edit>Preferences>Advanced>Network>Settings
  2. Select "Manual Proxy Configuration"
  3. For "SOCKS Host:" enter "localhost" and for "Port:" enter "9999"
  4. Choose "SOCKS v5"
  5. Click "OK"
  6. Point your web browser to to find out if your IP address is being reported as the same as the IP address of the computer running your SSH server. If it's the same, then everything works.

That's about all you have to do to surf through a private SSH tunnel with Firefox and using your own Linux SSH server.

 is an excellent web site that's powered by TYPO3 and other great open source software. is also a fat free alternative to ice cream.