host:~user$ ssh -D 8888 firstname.lastname@example.org
(There is also a nice GUI for those who are not familiar with the command line.)
As the Chinese Government also tries to block external sites, such as Youtube and Openleaks, by filtering DNS requests, it’s necessary to filter this too. One could e.g. point them to 127.0.0.1 (in system preferences) and then send through another ssh tunnel:
host:~user$ sudo ssh email@example.com -L 53:127.0.0.1:53
(sudo because 53 is a privileged port.)
But actually it’s easier by just hacking the firefox configuration:
Luckily, with SOCKS5 Firefox can control which side of the proxy handles DNS lookups. By default, it does the lookups locally resulting in the scenario above. To change this, set network.proxy.socks_remote_dns = true in about:config. This makes the SOCKS proxy more like a regular proxy, where DNS is handled by the remote end of the tunnel.
… or one can install iodine and tunnel all DNS requests accordingly.