If we want to avoid the blocking of various web pages, we can use several methods. The procedure that most interests us will depend on how that firewall operates. Some work at the DNS level, the firewall itself will be in charge of providing us with local DNS servers where the filtering is done, in addition, the possibility of using external DNS such as those of Google or Cloudflare is blocked. Another common blocking method is to check the SNI field of HTTPS connections, in this way, we could allow or block access to certain web pages. Lastly, they could do deep traffic inspection (DPI) to block the traffic that they have defined in the rules.
Use a proxy server
The proxy they are services that will act as intermediaries and will handle the requests for us. For example, if we want to see the website of a game, it is quite likely that you will search for it by typing the URL in the address bar and the firewall will block it. A proxy server prevents this, because you are not visiting the game’s website directly. What we do is go to the proxy page and tell it to go to that page for us. It then shows you all the requested content, while the firewall only sees the proxy URL.
There are several types of Proxy, those based on HTTP and HTTPS, it is the latter that you should use, because if you use HTTP all the traffic will go unencrypted and could be blocked by the firewall very easily. By using an HTTPS proxy, all communications between the user’s computer and the proxy server will be completely encrypted, ideal to maintain our privacy and that the firewall “does not bother”.
When using a web proxy, you must bear in mind that the browser you use will have to be correctly configured, you will have to go to the network section and configure the IP address and port of the proxy, as well as the protocol it is using. Once configured, we can browse the Internet through the Proxy, but the traffic used by other programs such as Skype or Slack will go through the main Internet connection, a complete traffic forwarding is not done as it happens with VPN services, only the web traffic will be the one that moves through the proxy.
Use a VPN so they don’t see your traffic
A VPN is even more complete than a proxy and also allows you to bypass the firewall at work or school. In this case it is as if our data traveled hidden through a tunnel thanks to encryption. This keeps us safe from prying eyes such as the school itself, the Internet provider and more. In this way of working, our computer sends this encrypted data to a VPN server, which decrypts our data, reads where we want to go and goes there. It then sends back the encrypted traffic and bypasses the firewall with no problem.
A very important detail of VPNs is that all network traffic will go from our PC to the VPN server, not only web traffic, but also Internet traffic from any program or process that we are using. There are commercial VPN software that allow us to configure which programs we want to work through the VPN and which we want to go directly to the Internet without going through the proxy server.
In the event that the firewall does not block access to the VPN servers, this is one of the easiest ways to bypass the firewall of the school or company, however, if they use traffic inspection, it is possible that they also block this form of access. connection, and the same would happen if the firewall blocks the typical ports like 1194 UDP/TCP of OpenVPN or the default ports of L2TP/IPsec and more. For this reason, it would be advisable to connect to an external VPN that uses the OpenVPN protocol with TCP and HTTPS port 443, this type of VPN protocol allows us this configuration, and if the firewall does not do DPI we could pass ourselves off as an HTTPS connection ordinary.
The Google Translate Alternative
Another method can be using google translatehere we have to use the function translate page to use it. Then when Google Translate translates that page, it loads the page on the server, translates it, and sends us the result. This little trick is widely used to bypass firewalls when a website is blocked, since we will use Google services to take us to the final website. However, this method has its limitations and it is quite annoying to have to use hyperlinks within Google translate.
It is possible that your organization also blocks this domain from Google, because it is known that this type of thing can be done, so it may not work for you, however, you will always be able to try it in case you cannot use Proxy and VPN services.
Type the IP address of the website
When browsing the Internet we do it using domain names because they are easier to remember. The reality is that those names are in charge of translating them to the DNS servers and then sending us to that IP address. If we put that public IP in the browser’s address bar we can avoid bypassing the firewall, as long as the firewall does not have a blacklist of IP addresses that cannot be accessed or does traffic inspection. A web page that we can use to find out that IP is WhatIsMyIPAddress.
This form of connection will only work in cases where the firewall blocks traffic at the DNS level, but if the blocking is through DNS and IP, it will not work because it will also detect that we are connecting to unauthorized websites. If you cannot use the Proxy and/or VPN to try to bypass the firewalls, this trick could work well for you to connect without limitations, but you will have to know beforehand all the IP addresses of the websites you want to access, so it will be quite cumbersome .
Use DNS over HTTPS
The DoH protocol or also known as DNS over HTTPS, will allow us to make DNS requests and responses through the HTTPS protocol in a completely encrypted way. If your firewall is blocking access to the Internet through DNS, if you use DoH in the web browser, you will be able to bypass the firewall easily and simply, because blocking this protocol is really complicated, since HTTPS access would have to be blocked at all DNS servers that support this protocol, including Google, therefore generally do not block this.
This DoH protocol is already found in the main web browsers such as Chrome or Firefox, and even in the latest Microsoft operating systems it is also present. It would be recommended that you check the DNS over HTTPS settings if you can, because this way you could bypass DNS blocking.
There is another similar protocol that is DNS over TLS or DoT, but this protocol uses port 853, so in the firewall we could block that if the destination port to any IP is 853 TCP, automatically block the traffic. Blocking DoT at the firewall level is much simpler than DoH, because the latter uses port 443, which is typical for HTTPS connections, and if we create the same rule we would be blocking any HTTPS traffic on the network, and that is not acceptable.
Create an access point on your smartphone
Currently both smartphones with Android and iOS operating systems can create a WiFi access point to connect to the Internet. This does not mean that we “jump” the firewall, but rather that we use another connection that is in the palm of our hand so as not to have any type of restriction when browsing the Internet. In the event that you have tried all the previous ways and tricks to bypass the firewall and you have not succeeded, then this method is the only one that will work for you, although if your PC is a desktop and you do not have a WiFi card, and you have the blocked USB ports, you won’t be able to use it either.
As you have seen, we have a large number of ways to try to bypass the firewall, the success of this task will depend on how the firewall is configured and what security measures have been implemented at the network level to access or not certain services.
Dangers of bypassing the firewall
At times, that school or company firewall may seem annoying and obnoxious, but it has a good reason to exist. What the school or company wants is to be as safe as possible, and to block any threat on the Internet so that it does not infect any computer on the internal network.
One of the threats we face is that personal information could be stolen. For example, some free services work this way because their owners get money from us. They do this through advertisements or by collecting information from us to sell it. Another danger is that our computer gets infected with a virus or some kind of malware. Furthermore, some of them spread on the network and can end up infecting the entire school network.
On the other hand, you could also be suspended or expelled if you are caught performing these actions. However, if you are doing an illegal activity as well you could face legal action if the school or company exposes the facts to the competent authority.
