Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Bypass firewall restrictions via an HTTPS proxy Network
Our IT people decided that it was a bad idea to access the Internet recently, and our beloved open-access policy was replaced with a block on all ports, with ports 80 and 443 (http and https) now routed via a proxy server. No more getting my Gmail or other POP/IMAP mail, no more MSN, Jabber, ICQ, etc.

Needless to say, I was peeved. I did some digging and came up with this absolutely wonderful little program called Proxytunnel. You see, if your network admins are anything like mine (and most are), they will have allowed you acccess to secure sites via an HTTP proxy. The thing with SSL and proxies is that because everything's encrypted, the proxy can do naught but just pass on your requests to the sites in question, and can't have any say on what protocol is used. So get Proxytunnel, drop it in /usr/local/bin or anywhere else in your path, and then do something like this:
/usr/local/bin/proxytunnel -a 5222 -g 123.123.123.123 \
-G 8080 -d myjabberserver.com -D 5222
You can now access your Jabber server by setting up iChat to connect to server localhost instead of myjabberserver.com (the 123.123.123.123 IP address is the IP of your proxy server; 8080 is the port. The first 5222 is the port on localhost that proxytunnel will be listening to, the last one is the port of your jabber server. Note that you need to run Proxytunnel as root if you want it to listen on a port below 1024; however, you can make it listen on a different port.

So to access GMail's secure POP server as localhost:995, you could do:
sudo /usr/local/bin/proxytunnel -a 995 -g 123.123.123.123 \
-G 8080 -d pop.gmail.com -D 995
To access it as localhost:9995, just do:
/usr/local/bin/proxytunnel -a 9995 -g 123.123.123.123 \
-G 8080 -d pop.gmail.com -D 995
If your Mac is always connected to a firewalled network, you can stop reading now. Set up proxy tunnels, and you can use any service you want.

Defining host aliases to work with default application settings

However, I have a PowerBook which I lug home most evenings, and this would cause a few problems. I can write scripts to set up and tear down all the proxy tunnels I need (one for GMail, one for a regular POP3 mail server, and one for my Jabber server), but I'd have to change all my mail, iChat etc. settings back if I was going to be able to work outside the office. So I thought of a nice solution ... why don't I just make 127.0.0.1 an alias to the hosts in my /etc/hosts file? Sure enough, I changed the line:
127.0.0.1       localhost
to:
127.0.0.1       localhost myjabberserver.org pop.gmail.com pop.myisp.com
These are the host names for my Jabber server and POP servers. Now we need to let lookupd flush its cache so that it reads the changes, so we issue a lookupd -flushcache. Now, with proxytunnel running, when Mail.app looks up pop.gmail.com, the resolver tells it it's 127.0.0.1, the local host, so it connects to port 995, and the proxy tunnel forwards the request via the proxy server.

The rather obvious limitation is that you can only have one proxy tunnel per port, so if you want to access two services that use the same port, you're out of luck. Fortunately I use port 5222 for Jabber, 995 for GMail's secure POP, and 110 for my ISP's POP3 server, so I don't have such limitations.

Putting it all together

Now that everything works, we need a quick way to switch between the office (behind a firewall) configuration and the home (open access) configuration. I created two copies of the hosts file: the modified one as /etc/hosts.proxytunnel and the original hosts file as /etc/hosts.default. And now here comes the AppleScript. Please note that line breaks have been added for a narrower display, but they must be removed when you paste this code in Script Editor:
do shell script "/usr/local/bin/proxytunnel -a 5222 -g 123.123.123.123 
  -G 8080 -d myjabberserver.org -D 5222 &> /dev/null &"
  with administrator privileges
do shell script "/usr/local/bin/proxytunnel -a 995 -g 123.123.123.123 
  -G 8080 -d pop.gmail.com -D 995 &> /dev/null &" 
  with administrator privileges
do shell script "/usr/local/bin/proxytunnel -a 110 -g 123.123.123.123 
  -G 8080 -d pop.myisp.com -D 110 &> /dev/null &" 
  with administrator privileges
do shell script "cp /etc/hosts.proxytunnel /etc/hosts"
  with administrator privileges
do shell script "lookupd -flushcache" with administrator privileges
You could just write a shell script, of course, but AppleScript gives you a nice password dialog when you run this from the script menu (you need admin privileges to swap the hosts files, in addition to setting up the tunnel for ports below 1024; lookupd and the first tunnel could be run without admin privileges, but it's there for symmetry). And now, the one to bring everything back to normal (the first line has been split; it should be one line):
do shell script "cp /etc/hosts.default /etc/hosts"
  with administrator privileges
do shell script "lookupd -flushcache" with administrator privileges
do shell script "killall proxytunnel" with administrator privileges
Enjoy your unfettered Internet access.

[robg adds: Before you try this one, keep in mind that breaking internet access policies at your place of employment may get you terminated ... which would be a high price to pay for checking your Gmail account!]
    •    
  • Currently 2.14 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (7 votes cast)
 
[173,897 views]  

Bypass firewall restrictions via an HTTPS proxy | 39 comments | Create New Account
Click here to return to the 'Bypass firewall restrictions via an HTTPS proxy' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Not too smart...
Authored by: darken9999 on Aug 12, '05 10:36:22AM

As an administrator, I have massive objections to this sorta thing. That aside...

If you're being routed through a proxy, it's very possible that someone is looking through the proxy logs. Even if they don't look at every site you visit, they at least see a list of who uses the web most and who uses it least.

If I was running a proxy, and all of a sudden one of the workstations web activity stopped, I'd check it out. Then that person would be fired, no questions asked.



[ Reply to This | # ]
Not too smart...
Authored by: Marco Cottone on Aug 12, '05 11:19:10AM

only fired? why don't we kill him?
he has dangerous notions and we are not able to stop him...


---
operation: mindcrime



[ Reply to This | # ]
Not too smart...
Authored by: darken9999 on Aug 12, '05 11:26:39AM

It's one thing to make a mistake, but a company doesn't need someone who wants to put that much effort into breaking the rules.



[ Reply to This | # ]
What a nice guy you are
Authored by: ruaric on Aug 12, '05 11:28:29AM
no questions asked.

Hmm how nice of you! A little harsh though don't you think? I would ask them about it and get their side of the story. Shame to lose someone without at least giving them a chance to explain.

Of course in most large companies (in the UK at least) you would not be able to fire them no questions asked. Also an administrator would not have authorisation to fire them without getting HR and the person's manager involved. Though perhaps it is different where you work.

[ Reply to This | # ]

What a nice guy you are
Authored by: mm2270 on Aug 12, '05 02:54:50PM

I would think that before anyone could get terminated from their place of employment by bypassing a proxy, they would first have needed to sign a computer policy agreement specifically stating that it is against company to do so.

In the case of the user who posted this hint, it sounds to me like he used to have access to these services before, and then something changed on the IT end. It would be kind of irresponsible for a company to suddenly halt access to the internet or some services without at least an email explaining that the change is happening. The user could simply argue that he/she wasn't aware that Gmail or whatever was off limits now, since he/she was able to get to it before. IANAL, but I think that argument may hold some weight in a unlawful termination suit.



[ Reply to This | # ]
Not too smart...
Authored by: hexghost on Aug 12, '05 06:54:21PM

Whatever keeps your babysitting job around and instead of in India, eh?



[ Reply to This | # ]
Not too smart...
Authored by: kevinv on Aug 15, '05 10:03:27AM

A company can pretty much fire you for anything they wish execept the specific discriminations that are outlawed. You don't have to sign anything before they can fire you for abuse of network resources.

Depending on the nature of the company there maybe very good reasons for the lock down. Do you really want the local bank teller using iChat to send your bank account info to an accomplice on the outside? Do you really want a broker using non-recorded IM to communicate insider information to screw over your 401(k) investments?

I don't think this hint is inappropriate, there are legitimate uses for it too, but as an administrator charged with enforcing company policy anyone found circumventing policy will be reported. Firing isn't up to me, but it'd be a likely scenario. User beware of what you do at work....



[ Reply to This | # ]
Not too smart...
Authored by: iamacat on Sep 27, '05 07:19:29PM

Oh boy.. As someone who actually makes money for the company, I am valued far more than an IT person. My manager will not be amused when you ask him to fire me for checking my gmail account. I think you would have a rather unpleasent conversation with your own boss later. Best just stick to keeping things running smoothly.



[ Reply to This | # ]
Bypass firewall restrictions via an HTTPS proxy
Authored by: i5m on Aug 12, '05 10:38:21AM

Well at least you get to use macs at work. Would be more useful to me translated to windows.

As far as contraveyning IT policy - well, all you have to do is sit in front of a computer at most places. I'm not "allowed" to use Firefox here, although I can use the insecure IE? With IT policies like that why pay attention?



[ Reply to This | # ]
Bypass firewall restrictions via an HTTPS proxy
Authored by: ruaric on Aug 12, '05 11:05:37AM
I wrote this for people in countries that censor internet connections but it could equally be used by someone like you trying to get around a restrictive firewall at work. You can replace the public ISP with your home machine if you like, assuming it is always connected to the internet and either has a static IP or Dynamic DNS address. Since you are using Windows (and hence would make use of Putty), use the graphical interface to configure rather than teh command line options I have given. That way you can make use of proxy settings as well (if needed). In addition to dynamic port forwarding you might want to make use of regular port forwarding for applications that can't use a socks proxy (e.g. if you setup pop or imap email).

[ Reply to This | # ]
Why not just use SSH?
Authored by: jorn_k on Aug 12, '05 12:06:17PM

Like this (example would tunnel an IRC onnection):

ssh -N -p 22 -c 3des myuserid@mybox.net -L 6667/irc.irchost.com/6667

What am I missing here?



[ Reply to This | # ]
Why not just use SSH?
Authored by: TheGS on Aug 12, '05 12:31:27PM

The very first paragraph in the post mentions that all of ports (in or out) are blocked, except for http and https routed through a proxy. I would assume that this means that the ssh port (22) is also blocked and ssh tunneling can't be used unless first tunneled through port 80 or 443 (and through their mandatory proxy).



[ Reply to This | # ]
Why not just use SSH?
Authored by: Anonymous on Aug 12, '05 09:00:33PM

SSH can run on any port. 80, 443, whatever. 22 isn't a law.



[ Reply to This | # ]
Why not just use SSH?
Authored by: masonbrown on Aug 13, '05 05:43:18PM
SSH can run on any port. 80, 443, whatever. 22 isn't a law.

That may have been enough back in 2001, but today only the simplest of simple firewalls just passes anything through port 80 and 443 when they're allowed outbound. Almost every firewall available will inspect the traffic, ensure that it conforms to defined HTTP RFPs, and can selectively filter / reject / rewrite specific HTTP commands (such as the HTTP CONNECT command). Anything that falls beyond the allowed HTTP commands and doesn't conform to strict RFC standards will be at least dropped, but will also likely alert the administrators to a possible attack. Out-of-spec traffic trying to hide on port 80 is something typical of spyware, virii, etc. and therefore is considered a significant security issue. The firewall will raise all kinds of flags to alert the administrators.

[ Reply to This | # ]
Why not just use SSH?
Authored by: david-bo on Aug 17, '05 06:04:31PM

There are several SSH-implementations that supports http-proxies. I usually use Mindterm from Mindbright (they have changed their name but I can't recall it). It even runs as an applet in a browser. Since it does not support dynamic ssh tunnels you have to add a proxy server on the other end of the ssh tunnel but that is easy.

---
http://www.google.com/search?as_q=%22Authored+by%3A+david-bo%22&num=10&hl=en&ie=ISO-8859-1&btnG=



[ Reply to This | # ]
Why not just use SSH?
Authored by: extra88 on Aug 12, '05 02:32:00PM

You're missing that the overzealous firewall blocks all outgoing except 80 and 443 so you can't get to 22 on your home machine.

Also creating the ssh tunnel requires authenticating at the ssh server. If you're just using that server as a middleman to sites like pop.gmail.com, why bother?



[ Reply to This | # ]
Why not just use SSH?
Authored by: jorn_k on Sep 27, '05 10:27:21AM

...so that I can actually -=get=- to pop.gmail.com.



[ Reply to This | # ]
Bypass firewall restrictions via an HTTPS proxy
Authored by: matsur on Aug 12, '05 01:24:49PM
As an aside, this is an absolutely amazing ssh trick to get around http filters/etc.
ssh -D 1080 user@foo.bar
Then set your browser to use 127.0.0.1 on port 1080 as a SOCKSv5 proxy. You have to be able to ssh out from where you are, but other than that there is nothing special required. Was great for getting around the Great Firewall in China, as all http traffic is passed through the ssh tunnel to foo.bar (in my case a university unix machine). You want foo.bar to be on a pretty nice connection so that you are not to latent in accessing the web.
matsur

[ Reply to This | # ]
Bypass firewall restrictions via an HTTPS proxy
Authored by: genericuser on Aug 12, '05 02:08:33PM

works with the sw p2p?



[ Reply to This | # ]
Bypass firewall restrictions via an HTTPS proxy
Authored by: bill_mcgonigle on Aug 13, '05 12:00:33AM

Stephanos - take this as a sign. I see this all the time. Your management team is inept. Your CEO might be a stupid ahole too. They don't understand so they fear. They fear so they impede.

This is going to start to pervade all aspects of the business if it hasn't already. Get your resume up on Monster and find a decent job. Your life is just going to get progressively more miserable if you don't.

You clearly have a clever mind and know how to solve technical problems, so there are lots of people out there hoping someone like you will just drop a resume on their desk. Learn to identify the non-technical problems too. Good luck.



[ Reply to This | # ]
idiotic
Authored by: macubergeek on Aug 13, '05 08:14:30AM

Security admins restrict outbound protocols like AIM for a reason. It's insecure. Worms are now being transmitted via AIM. So are the latest versions of Phishing attacks. Yes you can get around just about any restriction. It might be more constructive to open a dialog about the restrictions. MacOS X gives organizations the opportunity to bring Instant Messaging in house. You can run an IM server on Server, use Jabber and encrypt everything. IM can be used constructively as a collaboration tool. Discussions of constructive uses seems better than adolescent rants against "clueless" management.



[ Reply to This | # ]
What's port 22 for?
Authored by: derekhed on Aug 15, '05 11:25:53AM

This was the question our IT people asked me when I requested port 22 to be opened to my workstation. Frankly, I lost all respect for them at that point. They added a filter because some salesperson made it sound like the world would end if they didn't. Of course, they standardized on Dells, so they might have been right.

Don't see why I should have to suffer. I get more work done by bringing in my own laptop and using free software than I do on my Dell and a pretty liberal budget.

I am not advocating irresponsible behavior, but if the support folks don't know how to support you, roll your own.



[ Reply to This | # ]
Bypass firewall restrictions via an HTTPS proxy
Authored by: stephanos on Aug 22, '05 02:52:11AM

Bill, thanks for the praise, but it's not really that simple. My management and admins are not idiots. They know I'm doing this, and they don't mind. In fact they told us beforehand when the policy was instated that if we found a hole, we could use it. So I just did.

I'm a software engineer. I'm the only one in my company that uses a Mac. I had to beg and plead before they got me one (yup, they paid for a brand spanking new top-of-the-line PowerBook plus a gig of RAM, and I get to take it home, as well as buy it off them at a very reasonable price if I ever leave. So yeah, I'm appreciated :-)), and I had to promise that if I ran into any serious incompatibilities it was my job, not theirs, to fix them - so far, I haven't, though I do cheat by using Terminal Services to connect to a couple of Win2K server machines once in a while for some odd IE testing. I do J2EE/Oracle development in Eclipse, so I saw no need for me to suffer Windows.

The point is, not everyone here is a software engineer or has these kinds of skills. People ran old versions of MSN Messenger or ICQ that are wide open to bugs. They ran P2P software. They ran all kinds of dodgy stuff on Windows systems. The firewall and proxy is there to protect these guys. If I can get around it it's no big deal, because they know I'm the least likely person to get a worm or a virus. If I made enough of a fuss they might even open up the ports for me anyway.

Security is a relative thing, anyway. You could have all the latest patches, AV data files etc. and still be hit by the first wave of a new worm. I know how to deal with this stuff, before and after infection.

Of course, I work at a small company, and in a larger organization I can see the need for strict enforcement of rules. But the firewall and proxy are there for a simple reason, to protect our layperson Windows users from the onslaught of malware and I don't really do anything to undermine this, so everyone's happy. The only annoyance is I have to select an item from the script menu in the mornings when I come in and hook up my PowerBook, and once more again before I leave in the evenings. I can live with that, and I don't think the policy is stupid.

I think most right-thinking IT admins and managers would agree with this, and even with this hint as posted, you'd have to be at least an intermediate computer user to get it to work, and a Mac user, so it's extremely unlikely you'll catch any malware because of it. If someone got into trouble anyway, then yes, I think they're working with some short-sighted people. That's their decision to make.



[ Reply to This | # ]
Helps prevent loss of data
Authored by: masonbrown on Aug 13, '05 05:48:52PM

With the speed data travels over the Internet today, any company serious about maintaining its private data as private is filtering Internet traffic. A good number of major companies are even having people, not computers, read every single e-mail sent outside the company before allowing it.

Imagine someone gains access to a database with employee information. They may be able to extract and distill information such as social security numbers, direct deposit account info, and salaries into a 10 MB file. Way too much to print out and take home, but easily within reason for sending via e-mail. Even if it's broken into 10 smaller files. Without any outbound traffic filtering or other controls, this is transmitted within seconds to the outside where it can be used for whatever purposes.

There's data much more critical to companies than personnel records. Drug formulas, market research, whatever. Anyone who allows unrestricted employee access to/from the public Internet is just asking for their data to become public.



[ Reply to This | # ]
Helps prevent loss of data
Authored by: david-bo on Aug 17, '05 06:06:34PM

I don't think so. Why waste money on more or less useless security? If you are even the least talented you can easily work around obstacles like that, e.g.,:

1. Use a ssh client that supports whatever proxy the company is using and sftp the files to a computer outside
2. USB memory stick, zip, cd-r whatever
3. Steganography. Send yourself 'innocent' looking photos with data encoded into them.

You can't protect yourslef from all these methods, you can only be a good employer to whom the employees feel loyalty, responsibility etc.

---
http://www.google.com/search?as_q=%22Authored+by%3A+david-bo%22&num=10&hl=en&ie=ISO-8859-1&btnG=



[ Reply to This | # ]
Unable to install ProxyTunnel
Authored by: TicToc on Aug 15, '05 06:35:36AM

I'd like to try this hint, but I'm having difficulty getting proxytunnel to compile. I'm a Unix beginner, so please be gentle! I've downloaded & uncompressed ProxyTunnel 1.2.2, and tried:
[code]sudo make -f makefile.darwin
sudo make install[/code]
After the first step I get one line tha looks like an error to me:
[code]proxytunnel.c:217: warning: passing arg 3 of 'accept' from incompatible pointer type[/code]

And then I get the following at the second step:
[code]install: root: Invalid argument
make: *** [install] Error 67[/code]

Any suggestions gratefully received.
Thanks in advance.



[ Reply to This | # ]
Unable to install ProxyTunnel
Authored by: jpalm1977 on Aug 17, '05 04:40:16AM
Hi TicToc,

I'm also a rank beginner, and had the same problem :(

But i managed to figure out that the 'Makefile' file holds the answer to our problem.

If you open the 'Makefile' file with a text editor (even TextEdit), and change the bottom section:

install:
		mkdir -p $(INSTALLPATH)
		install -g root -m755 -o root $(PROGNAME) $(INSTALLPATH)/$(PROGNAME)
		install -g root -m644 -o root debian/$(PROGNAME).1 $(MANPATH)/$(PROGNAME).1
to this:
install:
		mkdir -p $(INSTALLPATH)
		mkdir -p $(MANPATH)
		install $(PROGNAME) $(INSTALLPATH)/$(PROGNAME)
		install debian/$(PROGNAME).1 $(MANPATH)/$(PROGNAME).1
You should be able to run the 'sudo make install' command with out any problems or errors :)

It seems that the original makefile install code was trying to create the installed files with group & mode info set to root, which was generating the error! So i just removed those switches and the problem went away, YAY!
I also added a line to create a man folder for the man info in usr/local/, which my OS installation didn't seem to have! If you already have this folder, you can just delete the line.

Hope this helps! And enjoy responsibly ;)

Later!

[ Reply to This | # ]

Unable to install ProxyTunnel
Authored by: TicToc on Aug 17, '05 07:18:59AM

Thanks - that worked :) Mind you, I still can't get a man page...
Cheers,
tt



[ Reply to This | # ]
Bypass firewall restrictions via an HTTPS proxy
Authored by: TrumpetPower! on Aug 19, '05 03:23:06PM

For those of you who are a bit put off by compliling programs or installing them into /use/local/bin, you can get a Tiger package of prtunnel, a program that does the same basic thing, thanks to DarwinPorts.

Cheers,

b&

P.S. Of course, this means that, if you’ve got DarwinPorts installed, a simple “sudo port install prtunnel” will do the trick, as well. b&



[ Reply to This | # ]
Bypass firewall restrictions via an HTTPS proxy
Authored by: Nimitz on Nov 04, '05 11:34:18AM

Oh that is smart...,

but how in hell's name can i work with darwinports if running the 'port'-command fails everytime because it won't work with the proxy.

You can set your environmentvariables (RSYNC_PROXY, .curlrc) what you want, darwinports uses rsync and a specific SSL port which is blocked; so NO SHOW.

Any ideas how to run 'port' in an alienated windowscontroled mac-fearing ICT-landscape?

---
-----------
The Nimitz



[ Reply to This | # ]
Bypass firewall restrictions via an HTTPS proxy
Authored by: merlimat on Aug 29, '05 09:15:55AM

It does not work for me cause the Proxy I have to use does not permit me to connect to ports other than 443 (HTTPS). So I have no clue on how to bypass. Solution would be to keep a SSH server at host which listen on 443 and forward connection to remote hosts..



[ Reply to This | # ]
Bypass firewall restrictions via an HTTPS proxy
Authored by: rram10 on Nov 03, '05 08:36:57PM

Hi there

I am behing a network firewall and proxy server. my proxy needs authetification. I can access the internet through safari because it uses my proxy settings as set in the network settings in system preferences.

I can't however use my mail program to access my pop3 email account because I assume this port is blocked by the system administrator. No way I can ask him to allow the port to be accessible.

I need help on how to tunnel through the firewall and proxy server to access my mail. I can do it on my windows computer using http-tunnel (www.http-tunnel.com), but the program does not support max os x. Please provide me with in depth details on how to do this. my pop3 server is bow.intnet.mu. so please include that server if you are going to give me any ssh command lines. I am fairly new to mac, and am not fully compatible with the UNIX commands! Thanks!!



[ Reply to This | # ]
Wrong option?
Authored by: bonkydooky on Feb 28, '06 03:37:07PM
I tried this as he said and Proxytunnel says "unknown option -- g" I found it starts up successfully if you use this format: sudo ./proxytunnel -a 21 -p hostname:8080 -d hostname:port -v Note the path to proxytunnel assumes you're in the same directory as the binary. I don't have it working just yet.

[ Reply to This | # ]
New command line syntax in proxytunnel 1.6
Authored by: stephanos on Mar 09, '06 02:56:28AM

Proxytunnel 1.6.0 changed (and simplified) the command line syntax a bit. The basics of the hint still apply. I'm sorry this hint is arcane by the standards of the layperson, but since it's all about circumventing access restrictions I feel that can be a plus; if you don't know enough about networking to use it, you probably shouldn't try. I don't even use proxytunnel any more because I switched from iChat to Adium (which can do this trick internally, and moreover takes proxy settings from system preferences which I switch using the Location menu) and I can live without my gmail (which is not my primary email anyway) during the day.



[ Reply to This | # ]
Errors trying to connect
Authored by: RogerSilvaCastro on Aug 23, '07 10:22:53AM

Hi all,
I´m trying to use this hint to log in MSN.
Therefore, I've tried executing the following command:

proxytunnel -a 522 -p (Proxy Server address) :(Proxy Server Port) -d messenger.hotmail.com:1863

However, when I try to log in MSN application (after setting Internet Explore Proxy settings to "Proxy Server = localhost", and "Proxy Port=522"), then Proxytunel gives me the following error:

Proxy Error ( The specified Secure Sockets Layer (SSL) port is not allowed. ISA
Server is not configured to allow SSL requests from this port. Most Web browsers
use port 443 for SSL requests. )
0 to 65536


Please, May someone help me with this issue?

thanks in advance







[ Reply to This | # ]
Bypass firewall restrictions via an HTTPS proxy
Authored by: TawWinPann on Jul 03, '06 02:44:35AM

I'm from Myanmar (Burma). There is only one ISP in our country. They block a lot of good websites. Can I know the best way to bypass their restrictions?



[ Reply to This | # ]
Bypass firewall restrictions via an HTTPS proxy
Authored by: marionX on Jul 13, '08 10:56:59AM
if you have no admin access to your own web server, you can use a hosted pop3-over-http tunnelling service such as the mailFISH provided on

http://www.serfish.com/mail

comes to you as a small app which acts as a local pop3/smtp server which forwards messages in an intelligent way. only if no direct connection can be established communications goes over the service hosted at www.serFISH.com. a limited number of messages per day can be tunnelled for free.

[ Reply to This | # ]
Bypass firewall restrictions via an HTTPS proxy
Authored by: wcoolnet on Apr 04, '09 08:11:39AM
I personally prefer using a vpn service like AlwaysVPN ( https://ssl.alwaysvpn.com/ ) This way all of my network traffic can bypass any firewall restrictions.

[ Reply to This | # ]
Not able to install proxy tunnel on mac
Authored by: slatragand on Jul 04, '12 05:15:29AM

For some reasons ; i'm not able to install proxy tunnel on my mac ; since just placing the folder in the usr/local/bin folder won't work . Need help pls from anyone who can help



[ Reply to This | # ]