Simple, but inconvenient ways of bypassing the censor exist (and have been discussed elsewhere on this site), but these are restrictive and difficult to use. The best methods involve an external ISP shell account. This page describes the general techniques with a specifi example. For details concerning specific accounts, see recommended accounts
There are several ways to use such an account. All of these involve a certain amount of setup and configuration. I'll start with the easiest (but not the best!) and work along as I get the time.
Some strategies involve simply arranging for web access to bypass a censoring proxy, while others are more general and will allow this as well as bypassing blocking on other ports, to allow access to other censored services (e.g. Usenet news, Internet telephone etc.).
I hope to discuss and implement the following methods (and some extensions of these):
Ssh is a very flexible tool for our purposes. Not only can it be used to log into your external account, but it can set up a tunnel for your requests. This means that packets go in at one end and pop out the other and proceed on their way as if nothing special had happened. This is useful for bypassing packet filtering (on, for example, port 8080 as practiced in the UAE to stop you using public access, uncensored proxies outside the country). It works because ssh tunnels everything through port 22 (by default) and port 22 is not blocked. But I'm not about to use even this much of the functionality of ssh to get you set up with a redirection server which will (seem to) do everything you need for web browsing, Usenet news etc. Extensions later will add a few things you didn't know you needed.
Here's a simple way to use it, which has the disadvantage of not being encrypted. I don't think this is such a big deal because it's on a strange port and isn't being logged by the censoring proxy. Anyway, it's a start and you can build from the understanding this will give you. It's simplicity will (surely) encourage you to get the external account, if you haven't already done so!
So the concept is clear, I've listed the basic steps first and then follow with implementation details and an example.
Implementation details:
ssh -R 12000:194.85.132.86:3128 localhostIt will ask for your password - enter it. You should end up at a shell prompt again. Essentially what's happening here is that you are logging in again! But this time you are telling ssh to forward all the port 12000 activity to 194.85.132.86. There are many other ways to do this - and this is the essential step which allows your requests to bypass the packet filtering in the UAE (they don't block 12000, and if they ever do, you can choose another one).
Rinetd is a nice little redirection server written in in C. It allows you to listen on your host at a given set of ports and have your connection to those redirected to other host/ports. Set one unblocked port up to redirect you to a good, fast, public proxy and another (for example) to redirect your requests to a public access Usenet news server. If your host account has either of these, use that.
Details TBD
TBD
TBD
TBD
Redir is another redirection server written in C. It sets up in a default manner on Panix (NetBSD) and can be set up as described below on Sun OS systems such as nether.net (a free account). I intend writing a Perl script to ensure a trouble-free installation on any system, but for the moment, for those with some Unix abilities, here's the setup for nether.net. If anyone can streamline this for me, I'd appreciate the hints - it's a hack at the moment. Please tell me about bugs, so I can make this work for everyone.
Stone is a really nice redirector. If you get this one running, you won't need to look for another one. It's a tcp AND udp redirector, it can be a web proxy all by itself (no need to find others to point it to), it's non-forking by default (no problems with bugs causing runaway or zombie processes to get the ISP mad at you), and if you compile the SSL version (harder to do) it will encrypt the connection between you and it. What more could you want? I recommend this over all of the other redirectors I've listed.
The SSL version requires you set up openSSL and md5c.c etc. which is all a bit difficult to describe in a simple recipe etc., so I won't go into it now.
cd
to the Makefile directory
make bsd
./stone proxy 12000
will start up a simple web proxy.
It can be used the same way as redir
, ssh -R
etc, of course. ./stone -h
will give a complicated list of commands, Take a look at the Stone home page for some examples.