How to circumvent the free Wi-Fi content filter, for fame & profit

I’m very grateful for the free Wi-Fi on the train, the coffee shop or the municipal free Wi-Fi, but the content filter they have on their proxies is sometimes really weird – for example it may blocks one of my favorite podcasts website (the Jupiter Broadcasting network) under the category “streaming media” even though they don’t actually host their video files, but they do let through YouTube and Facebook (where most cat videos are posted these days). So apparently Israeli Rail has an aversion to streaming media so they won’t let me send an email to a small podcast, but I can watch all the cat videos I want. Weird. Also, most VPN services are blocked by default, so no help will be coming from that way1.

So, to fix that, here’s a small workaround using an external proxy – this is rather simple, but it does assume you have all kinds of tools that most users won’t have just lying around – but if you’re a Linux geek you should do just fine.

Ingredients:

  • A remote server you have access to over SSH. Best to connect to your home DMZ server, which is on your residential broadband, as from there you can do all your “gray area” browsing, but any server you don’t mind abusing for proxying your browsing will do.
  • A local SSH client that supports SOCKS proxying. I’m using OpenSSH in the examples below, but if you *have* to run MS-Windows, then PuTTY also supports this, though they call it “Dynamic Tunneling” – see this blog post for details.
  • A browser plugin to help jump from standard configuration to the proxying mode – otherwise you’d have to manually update the browser settings each time you go on the train, and that is a hassle. I use Toggle Proxy for Firefox.

Setup:

If you have your SSH server and have credentials to, nothing more needs to be done before you get on the free Wi-Fi. Everything else can be gotten online once your ready to go2.

Firefox setup:

This is how I do it on my main browser, if you use Chrome or something else and want to submit instructions for that – the comment area is open for you 🙂 . This is basically the most difficult part of the setup, and I mostly complicate it by using an extension for ease of management. If you just want to see if it works, just go to Firefox Network Connection Settings and set your SOCKS proxy as “localhost:1080”, and skip to the next section.

  1. Installing Toggle Proxy (the link above should have an “Add To Firefox” button)
  2. From the Firefox Add-Ons screen, select Toggle Proxy and click “Preferences”: Toggle Proxy Add-On
  3. In the preferences dialog, make sure to have the first toggle as “Manual Proxy configuration”. The second toggle can be useful for “automatic detection” if you ever go into a network that uses that:
    Toggle Proxy Preferences
  4. Select “Customize” from Firefox’s menu, and drag the Toggle Proxy button to somewhere where it is accessible. I like to put it to the right of the “Add Tab” button, so it is out of the way of my other extensions but is still easily found – though the icon for “No Proxy override used” is a generic “close” icon, so that’s a bit confusing:
    Toggle Proxy Add-On Button
  5. Open Firefox Preferences dialog, and select “Advanced”, then the “Network” tab, and click on “Settings” under “Connection”:
    Firefox Network Preferences
  6. In the Connection Settings dialog, select “Manual Proxy Configuration”, then leave all settings empty except the last – “SOCKS Proxy” and set it up as “localhost” and port “1080”:
    Firefox Connection Settings

Get it working

When you are fed up with the free Wi-Fi content filter, open a terminal and run:


ssh -D 1080 user@ssh.server.com

Go to Firefox and enable using the SOCKS proxy by clicking the Toggle Proxy button. That should be it – now when you try to access a website, Firefox will route the request through your SSH server and completely circumvent the Wi-Fi proxy.

When you are done, log out from the ssh session and disable the Firefox proxy override. Note that Toggle Proxy has two override settings, so to enable the first “toggle” you click the button once, and to go back to the original settings you have to click twice.

  1. I’ve checked the OpenVPN ports are blocked, as well as all web-based proxies I could find, such as FoxyProxy and Hola. I’ve encountered in the past a weird VPN software that does not use standard UDP or TCP sockets, but instead using GRE packets and I have no idea if that would work, but I’m assuming it won’t as well. []
  2. assuming the free Wi-Fi you are on is not blocking software download sites such as your Linux distro’s repositories or Mozilla’s Add-Ons website []

5 Responses to “How to circumvent the free Wi-Fi content filter, for fame & profit”

  1. Amir:
    Fatal error: Uncaught Error: Call to undefined function comment_dir() in /vhosts/coil/geek/public_html/wp-content/themes/modern-bluish/single-comment2.php:17 Stack trace: #0 /vhosts/coil/geek/public_html/wp-content/themes/modern-bluish/functions.php(8): include() #1 /vhosts/coil/geek/public_html/wp-includes/class-walker-comment.php(179): themed_comment() #2 /vhosts/coil/geek/public_html/wp-includes/class-wp-walker.php(144): Walker_Comment->start_el() #3 /vhosts/coil/geek/public_html/wp-includes/class-walker-comment.php(139): Walker->display_element() #4 /vhosts/coil/geek/public_html/wp-includes/class-wp-walker.php(387): Walker_Comment->display_element() #5 /vhosts/coil/geek/public_html/wp-includes/comment-template.php(2229): Walker->paged_walk() #6 /vhosts/coil/geek/public_html/wp-content/themes/modern-bluish/comments.php(26): wp_list_comments() #7 /vhosts/coil/geek/public_html/wp-includes/comment-template.php(1539): require('/vhosts/coil/ge...') #8 /vhosts/coil/geek/public_html/wp-content/themes/modern-bluish/single.php( in /vhosts/coil/geek/public_html/wp-content/themes/modern-bluish/single-comment2.php on line 17