A small guide on how to tunnel traffic via SSH over port 53 on Linux.
I got a new ADSL line, which came with some problems. The line drops all outbound connections except traffic to ports 80 (HTTP) and 53 (DNS). This basically means that SSH, ping, traceroute, IMAP and HTTPS do not work.
SSH, HTTPS and IMAP connections are the most important to me, so that I can access remote servers, get email and use, for example, Google search or Facebook.
The really funny part of this is that all incoming connections work fine. I can SSH to my home server from the internet, but not the other way around.
Link speed is moderate, but a great speedup after using a mobile connection for years.

Troubleshooting
curl times out when trying to access Google over HTTPS:
root@saturn:~# curl -v https://www.google.com
* About to connect() to www.google.com port 443 (#0)
* Trying 180.180.250.183... Timeout
* Trying 180.180.250.187... Timeout
* Trying 180.180.250.167... Timeout
While trying to debug this, I found a handy tool, hping3, to check the status:
root@saturn:~# hping3 -S -p 80 www.google.com
HPING www.google.com (eth1 180.180.250.182): S set, 40 headers + 0 data bytes
len=46 ip=180.180.250.182 ttl=61 DF id=0 sport=80 flags=SA seq=0 win=14600 rtt=43.9 ms
len=46 ip=180.180.250.182 ttl=61 DF id=0 sport=80 flags=SA seq=1 win=14600 rtt=40.1 ms
len=46 ip=180.180.250.182 ttl=61 DF id=0 sport=80 flags=SA seq=2 win=14600 rtt=36.1 ms
hping3 to the SSL port of www.google.com works for a moment:
root@saturn:~# hping3 -S -p 443 www.google.com
HPING www.google.com (eth1 180.180.250.118): S set, 40 headers + 0 data bytes
len=46 ip=180.180.250.118 ttl=61 DF id=0 sport=443 flags=SA seq=0 win=14600 rtt=41.8 ms
len=46 ip=180.180.250.118 ttl=61 DF id=0 sport=443 flags=SA seq=1 win=14600 rtt=44.2 ms
len=46 ip=180.180.250.118 ttl=61 DF id=0 sport=443 flags=SA seq=2 win=14600 rtt=43.4 ms
And the next minute it fails:
root@saturn:~# hping3 -S -p 443 www.google.com
HPING www.google.com (eth1 180.180.250.118): S set, 40 headers + 0 data bytes
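An added example that is not part of the original post: a shell script that repeats the hping3-style port check from a plain shell, using only bash's /dev/tcp and coreutils timeout, and probes each port several times because, as the 443 results above show, a single attempt can be misleading. The target host, port list and attempt count are assumptions to adjust for your own line.

```shell
#!/bin/sh
# Added example: repeated outbound TCP port probing from a plain shell.
# Only bash's /dev/tcp (invoked explicitly) and coreutils timeout are used,
# so it runs where hping3 is not installed. Host and ports are assumptions.

# probe_tcp HOST PORT [TIMEOUT]: 0 if a TCP connection could be opened.
probe_tcp() {
  timeout "${3:-3}" bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# success_count HOST PORT ATTEMPTS: number of attempts that connected.
# The 443 result above (SYN-ACKs for a moment, then silence) is exactly
# what a single probe would misreport, hence several spaced attempts.
success_count() {
  local host=$1 port=$2 attempts=${3:-5} ok=0 i=0
  while [ "$i" -lt "$attempts" ]; do
    probe_tcp "$host" "$port" && ok=$((ok + 1))
    i=$((i + 1))
    [ "$i" -lt "$attempts" ] && sleep 1
  done
  echo "$ok"
}

# verdict OK ATTEMPTS: classify a success count as open, blocked or flaky.
verdict() {
  if [ "$1" -eq "$2" ]; then echo open
  elif [ "$1" -eq 0 ]; then echo blocked
  else echo flaky
  fi
}

# report HOST PORT...: one line per port, e.g. "www.example.com:443 flaky 2/5".
report() {
  local host=$1 port ok
  shift
  for port in "$@"; do
    ok=$(success_count "$host" "$port" 5)
    echo "$host:$port $(verdict "$ok" 5) $ok/5"
  done
}

# Usage: sh probe_ports.sh www.google.com 22 53 80 443
[ $# -ge 2 ] && report "$@"
```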
Solution using sshuttle (temporary)
There were two options to overcome the problem: use a VPN, or use an SSH tunnel. sshuttle seemed the quick and easy solution for now. As I had only two ports available and port 80 was already in use, the only option was to use port 53, which is normally used by DNS.
Setting up the SSH tunnel using open port 53
Set up sshd on EC2 to answer on port 53 by adding a "Port 53" line to the /etc/ssh/sshd_config file. Restart the ssh service afterwards.
echo 'Port 53' >> /etc/ssh/sshd_config
/etc/init.d/ssh restart
Allow incoming traffic to port 53 by adding a custom rule to the EC2 security group.
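An added example, not the post's own commands: a helper that adds the extra listening port while keeping port 22, since OpenSSH only falls back to the default 22 when sshd_config has no active Port line at all, so appending "Port 53" alone leaves sshd listening on 53 only. It also refuses to proceed if something (typically a local DNS resolver) already listens on the port and validates the file with sshd -t before restarting; the config path, port and Debian-style restart commands are assumptions.

```shell
#!/bin/sh
# Added example: add a second sshd listening port without dropping port 22.
# OpenSSH only uses the default 22 when no Port line is active, so a lone
# "Port 53" would leave 53 as the only port. Paths/ports are parameters.

# has_port FILE PORT: 0 if an active (uncommented) "Port PORT" line exists.
has_port() {
  grep -Eq "^[[:space:]]*Port[[:space:]]+$2[[:space:]]*\$" "$1"
}

# add_listen_port FILE PORT: append "Port PORT", making "Port 22" explicit
# first if the file has no active Port line; safe to run more than once.
add_listen_port() {
  if ! grep -Eq '^[[:space:]]*Port[[:space:]]+[0-9]+' "$1"; then
    printf 'Port 22\n' >> "$1"
  fi
  has_port "$1" "$2" || printf 'Port %s\n' "$2" >> "$1"
}

# port_in_use PORT: 0 if a listener already holds tcp/PORT; on 53 that is
# typically a local resolver (dnsmasq, bind, systemd-resolved).
port_in_use() {
  ss -ltn 2>/dev/null | awk 'NR > 1 {print $4}' | grep -Eq ":$1\$"
}

# apply FILE PORT: back up, edit, validate with sshd -t, then restart.
apply() {
  if port_in_use "$2"; then
    echo "tcp/$2 already has a listener; not touching sshd" >&2
    return 1
  fi
  cp "$1" "$1.bak" || return 1
  add_listen_port "$1" "$2"
  if ! sshd -t -f "$1"; then
    echo "sshd -t rejected the new config; restoring backup" >&2
    cp "$1.bak" "$1"
    return 1
  fi
  # Debian/Ubuntu service names; adjust for other distributions.
  systemctl restart ssh 2>/dev/null || /etc/init.d/ssh restart
}

# Usage (as root): sh add_sshd_port.sh /etc/ssh/sshd_config 53
[ $# -eq 2 ] && apply "$1" "$2"
```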

Install and use sshuttle to tunnel all traffic, excluding the local network, to the EC2 server over port 53:
apt-get install sshuttle
sshuttle -r username@EC2servername.com:53 0/0 -x 192.168.1.0/24
Testing with curl:
* Trying 180.180.250.163... connected
Further checking the network traffic on the EC2 server with jnettop:
ip-10-130-55-55.ap-southeast-1.compute.internal <-> node-ejl.pool-118-55.dynamic.totbb.net 629b/s 88b/s 717b/s
10.130.55.55 53 TCP 118.173.73.55 14855 283K 39.7K 322K
ip-10-130-55-55.ap-southeast-1.compute.internal <-> mx-ll-180.183.213-55.dynamic.3bb.co.th 263b/s 288b/s 551b/s
10.130.55.55 80 TCP 180.183.213.109 64984 1.03K 1.13K 2.16K
GET /sites/all/themes/acquia_marina/images/drop-bottom.png
==> The connection works!! Well, ping and traceroute do not, but at least I can now use Google, Picasa and Facebook and send and receive email.
Limiting the traffic to EC2 by not routing normal HTTP traffic there
At this point all the outgoing traffic from my laptop was routed to the Amazon EC2 server in Singapore. However, I have to pay for the server traffic, and it is also not wise to route everything there, so the next step was to set up a transparent proxy on my home server. I selected squid3 to do the job.
Installing and setting up the squid3 transparent proxy on the home server
apt-get install squid3
Edit /etc/squid3/squid.conf to allow local traffic:
acl localhost src 127.0.0.1/32 ::1 192.168.1.0/24
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 192.168.1.0/24
Change Chromium to use the home server's squid3 as its HTTP proxy:
chrome://settings/ -> Advanced -> Change Proxy settings

Voilà: HTTPS traffic goes via the EC2 server and normal HTTP traffic goes directly.
Caching Ubuntu / Debian packages
One more step to keep the traffic to the EC2 server as minimal as possible. I had actually done this earlier, as for years I had only a mobile (CDMA and currently HSPA) connection to the internet. I'm using apt-cacher-ng to cache Ubuntu packages. This way, when one computer fetches a package, the others can get it from the local cache. Great software for limiting bandwidth usage as well as speeding up upgrades and installations.
In my setup the home server is not tunneled, so none of the outgoing traffic from this server goes via the EC2 server.
Setting up apt-cacher-ng
Using apt-cacher-ng to cache Ubuntu packages on the home server
Install apt-cacher-ng on the home server (192.168.1.17):
apt-get install apt-cacher-ng
On the client side (the apt-cacher-ng server should also act as a client):
Create the file /etc/apt/apt.conf.d/02proxy and add the line:
Acquire::http { Proxy "http://192.168.1.17:3142"; };
Then try it out:
apt-get update ; apt-get upgrade
Links:
Sshuttle examples
http://teohm.github.io/blog/2012/04/01/using-sshuttle-in-daily-work/
Squid3 Transparent proxy
http://www.ubuntugeek.com/how-to-setup-transparent-squid-proxy-server-in-ubuntu.html
http://paulwright.id.au/?p=1126