setting up private proxy

@Nevins,

I really appreciate your concern and understand the implications if i get caught. But, i dont really mind that at all for now. maybe because im part of the IT.

We get orders from management to block certain sites, but trust me they have no way knowing first who breaks policy other than me and my co-workers.

and since, we configured the word 'proxy' to block in search engines, im just wondering if making my own private proxy would bypass it.

im really not sure how it redirects before it goes to the internet, thats why im asking

Okay so lets look at this logically. Chances are your getting redirected before it even gets to the internet by your host file, dns settings and browser settings. You can likely get around the browser but adding another browser (if you are not locked out of installing new programs) and you may even be able to change the dns and host settings if not configured properly.

can you explain clearly when you say it redirects even before it gets to my host file?
and, i am able to change my dns settings.

as far as i know, we did not implement any ACL, we only use domain name blocking and some ports of it. thats why, im really wondering why cant I use my private proxy..

anyhow, i appreciate your input.

If your site uses its own DNS server rather than the one from the ISP (which most companies do) then there is potential there to make changes within your own DNS to redirect sites you want to block to some black hole rather than letting it resolve. You can do something similar by redirecting in the hosts file which usually gets checked before DNS is invoked. You can vary the checking order by modifying the node type. Usually measures such as these will go along with policy restrictions to stop people simply undoing the settings on their PC.
Those are some of the simple ways of restricting internet access. Probably more usual is some sort of proxy with a block list, either internally managed or on subscription from an external provider. These let you block categories of sites eg no porn, no gambling etc provided the list is accurate and kept up to date.

Chances are your getting redirected before it even gets to the internet by your host file, dns settings and browser settings.

can you explain clearly when you say it redirects even before it gets to my host file?
and, i am able to change my dns settings.

I think you read that wrong. Packets do not get redirected BEFORE they get to the host file... they get redirected BY your host file.


Essentially your host file acts as a DNS server on your computer. Before hitting ANY other DNS server your computer checks the host file for IP addresses. Additionally you may want to note that you can bypass DNS look-ups by hosting IP addresses locally on your host file. (you can get a better ping in some video games too)

pedenski, I assume here that you've setup port forwarding on your homes/ISP router for a SOCKS port (which is the protocol usually used by proxies) and setup the same port on the proxy settings of firefox at work.

To start lets isolate the problem, place wireshark on your home PC and filter only for SOCKS protocol traffic, then go to work and browse using your proxy again. When you get back home, check wireshark to see if you've got some SOCKS request packets there. If so, then the problem is probably at home. If not then the problem is at work.

An easier way is to try browsing from a friends PC (or any other none work PC). If it works then the problem is obviously at work.