You operate your own server running some web services, a mail submission service, an IMAP service, of course
ssh for maintenance and several other services? But unfortunately you cannot reach any ports except 80 and 443 as soon as you are somewhere in a public Wifi because of firewall restrictions? Then OnionCat is your friend 🙂
This article explains how to evade a firewall to access your own services in the Internet.
Public Wifis typically have at least port 80 and 443 open otherwise they would be useless. And this is actually a requirement for this setup.
Let’s assume that you run your own server (
my.server.org) somewhere in the Internet running IMAP on tcp port 143 and a mail submission service on tcp port 587. On your notebook you have your favorite email client which is already configured to access these services directly (on
Now you are somewhere connected to a public Wifi but unfortunately you neither can check nor send mails because 143 and 587 are closed.
On your server (
my.server.org) setup Tor and OnionCat as well as on your notebook. As a result your server1 has an OnionCat IPv6 address on the tunnel device. The address is something like
You are now already able to access your server from your client, e.g. with
winnie:~% ssh fd87:d87e:eb43:xxxx:xxxx:xxxx:xxxx:xxxx X11 forwarding request failed on channel 0 Last login: Tue Dec 15 09:12:05 2015 from forzand FreeBSD 10.1-RELEASE-p (GENERIC) #0: Mon Nov 2 12:17:28 UTC 2015 Welcome to FreeBSD! psara:~%
Now make an entry into your
/etc/hosts file as shown below. With this you don’t have to reconfigure your email client (and other clients accessing your server at its hostname). The system automatically looks up the hostname within the
hosts file before it makes a DNS lookup.
That’s all. It will be a little bit slower as usual but nevertheless you can access your services 🙂
- Of course, your notebook also has an IPv6 address on its tunnel device but this is not really relevant within this context. ↩