This commit is contained in:
gferg 2001-07-13 13:53:25 +00:00
parent de5d71700d
commit 9be0eb04bb
4 changed files with 46 additions and 19 deletions

View File

@ -408,7 +408,7 @@ Firewall-Piercing</ULink>, <CiteTitle>
Firewall Piercing mini-HOWTO</CiteTitle>
</Para><Para>
<CiteTitle>
Updated: April 2001</CiteTitle>.
Updated: July 2001</CiteTitle>.
Directions for using ppp over telnet to do network activities
transparently through an Internet firewall. </Para>
</ListItem>
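Review bot: the index entry's description on the context lines still says "ppp over telnet", while the HOWTO's own abstract in this same commit reads "ppp over ssh or telnet", so the listing is stale even though its "Updated:" date was bumped to July 2001; the identical entry recurs in the three other index hunks below and all four should be brought in line with the abstract in one pass.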

View File

@ -436,7 +436,7 @@ Firewall-Piercing</ULink>, <CiteTitle>
Firewall Piercing mini-HOWTO</CiteTitle>
</Para><Para>
<CiteTitle>
Updated: April 2001</CiteTitle>.
Updated: July 2001</CiteTitle>.
Directions for using ppp over telnet to do network activities
transparently through an Internet firewall. </Para>
</ListItem>

View File

@ -591,7 +591,7 @@ Firewall-Piercing</ULink>, <CiteTitle>
Firewall Piercing mini-HOWTO</CiteTitle>
</Para><Para>
<CiteTitle>
Updated: April 2001</CiteTitle>.
Updated: July 2001</CiteTitle>.
Directions for using ppp over telnet to do network activities
transparently through an Internet firewall. </Para>
</ListItem>
@ -783,7 +783,7 @@ Firewall-Piercing</ULink>, <CiteTitle>
Firewall Piercing mini-HOWTO</CiteTitle>
</Para><Para>
<CiteTitle>
Updated: April 2001</CiteTitle>.
Updated: July 2001</CiteTitle>.
Directions for using ppp over telnet to do network activities
transparently through an Internet firewall. </Para>
</ListItem>

View File

@ -5,7 +5,7 @@
<title>Firewall Piercing mini-HOWTO</title>
<author>François-René Rideau, <tt>fare@tunes.org</tt></author>
<date>v0.7, 4 November 2000</date>
<date>v0.9, 13 July 2001</date>
<abstract>
Directions for using ppp over ssh or telnet
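Review bot: the <date> line jumps from v0.7 to v0.9 with no v0.8 in between; either use v0.8 or make sure the document's revision history explains the skipped number, so readers comparing copies can tell which is newer.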
@ -40,12 +40,11 @@ Don't come crying to me.
<sect1>Legal Blurp
<p>
Copyright &copy; 1998-2000 by François-René Rideau.
Copyright &copy; 1998-2001 by François-René Rideau.
This document is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License
as published by the Free Software Foundation;
either version 2 of the License, or (at your option) any later version.
This document is free software published under the
<url url="http://www.geocities.com/SoHo/Cafe/5947/bugroff.html"
name="bugroff license">.
</sect1>
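Review bot: the license change in this hunk swaps the inline GPL v2-or-later grant for a bare link to a "bugroff license" on a personal GeoCities page, leaving no license text in the document itself; if that link dies, a reader has no way to know their rights, so either quote the terms inline or keep a recognised license whose text is available independently of one URL. Separately, the heading on the context line "Legal Blurp" should read "Legal Blurb".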
@ -86,7 +85,8 @@ an ancient and no-more-supported program named Term
as well as on peculiarities of a not-so-standard telnet implementation,
that is, many obsolete and non-portable facts.
Nevertheless, there was a necessity for a mini-HOWTO about piercing firewalls,
and despite its shortcomings, his mini-HOWTO was a model and an encouragement.
and despite the limitations of its hacks,
this mini-HOWTO was a model and an encouragement.
I'd also like to congratulate
<URL URL="mailto:lars@nocrew.org" name="Lars Brinkhoff">
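Review bot: "no-more-supported" on the context line should be "no-longer-supported", and the contributor named "Lars Brinkhoff" here is spelled "Brinkoff" in the HTTP tunnelling hunk later in this patch; settle on one spelling.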
@ -128,13 +128,14 @@ You can and you shall protect them from the outside world,
but you can't protect them from themselves.
Because there exists such things as system administrators
who are either unresponsive, absent, plain incompetent,
who are either unresponsive, absent, overworked, plain incompetent,
or more generally managed by incompetent people,
it so happens that a user may find himself behind a firewall
that he may cross, but only in awkward ways.
This mini-HOWTO explains a generic and portable way
to pierce tunnels into firewalls,
by turning any tiny small crack into a full-fledged information superhighway,
by turning any thin, tiny trickle of bits
into a full-fledged information superhighway,
so the user can seamlessly use standard tools to access computers
on the other side of the firewall.
The very same technique can be used by competent system administrators
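Review bot: "there exists such things as system administrators" on the context line needs plural agreement ("there exist such things as"), and "any thin, tiny trickle of bits" on the new line stacks two near-synonyms; "any thin trickle of bits" says the same.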
@ -200,7 +201,7 @@ Re-read the disclaimer above.
<sect1>Other requirements
<p>
It is assumed that you know what you're doing,
that you know about setting up a network connection,
that you know about configuring a network connection,
that in case of doubt, you will have read all relevant documentation
(HOWTOs, manual pages, web pages, mailing-list archives,
RFCs, courses, tutorials).
@ -212,10 +213,23 @@ the ways currently known to work),
and that you can let a daemon run as a background task on the remote site
(or benefit from and existing daemon, sshd, telnetd, or sendmail/procmail).
It is assumed that you'll know how to configure an IP emulator (pppd, slirp)
It is assumed that you know or are willing to learn
how to configure an IP emulator (pppd, slirp)
or an Internet access daemon and its associated library (SOCKS, Term)
on each side, according to your needs in terms of connectivity
and to your access rights, with your recompiling some software if needed.
Last but not least, so that you can use the hacks described in this document,
it is assumed that you are root on the side of the firewall
that needs full transparent IP access to the other side.
Indeed, you'll want to run the PPP daemon on this side which
allows for use the normal kernel packet routing facilities.
In case you're not root on this side, your case is not desperate though:
indeed, Barak Pearlmutter's
<htmlurl url="http://www.linuxdoc.org/HOWTO/mini/Term-Firewall.html"
name="Term-Firewall mini-HOWTO">
describes how to use <tt>Term</tt>, a purely userland program,
to the end of piercing firewalls.
</sect1>
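Review bot: the new root-requirement paragraph has a grammar slip in "which allows for use the normal kernel packet routing facilities"; it should read "which lets it use the normal kernel packet-routing facilities". On the context lines, "benefit from and existing daemon" should be "an existing daemon", and "to the end of piercing firewalls" reads better as "for the purpose of piercing firewalls".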
@ -414,10 +428,11 @@ Automatic reconnection is left as an exercise to the reader.
REMOTE_ACCOUNT=root@remote.fqdn.tld
REMOTE_PPPD="pppd ipcp-accept-local ipcp-accept-remote"
LOCAL_PPPD="pppd silent 192.168.0.1:192.168.0.2"
cotty -d -- $LOCAL_PPPD -- ssh -t $REMOTE_ACCOUNT $REMOTE_PPPD
$LOCAL_PPPD pty "ssh -t $REMOTE_ACCOUNT $REMOTE_PPPD"
</verb>
(Note: this command requires <tt>cotty</tt> 0.4 or later.)
Note that I haven't been able to use this trick with slirp on the remote side,
</sect1>
</sect>
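Review bot: replacing the cotty command with pppd's pty option removes the "(Note: this command requires cotty 0.4 or later.)" line but adds no equivalent minimum-version note for pppd, whose older releases do not have the pty option; state the required pppd version as the removed note did for cotty. Since ssh is now spawned by pppd rather than typed at the shell, the text should also say which account's ssh keys and known_hosts are consulted, given that the document requires this side to be run as root.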
@ -557,7 +572,7 @@ Contribution in that direction welcome.
</sect1>
<sect1>Getting the triggering mail
<sect1>Getting the trigger message
<p>
If you are firewalled, your mail may as well be in a central server
that doesn't do procmail filtering or allow telnet sessions.
@ -575,6 +590,13 @@ Too frequent a poll won't be nice to either the server or your host.
Too infrequent a poll means you'll have to wait before the message gets read
and the reverse connection gets established.
I use two-minute poll frequency.
</p>
<p>
Another way to poll for messages, when you don't have a mailbox,
but do have outbound FTP access, is to use
<url url="http://dhirajbhuyan.hypermart.net/ftp-tunnel.html"
name="FTP tunnel">.
</p>
</sect1>
</sect>
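Review bot: "I use two-minute poll frequency" on the context line is missing an article ("a two-minute poll frequency"). The new FTP-tunnel paragraph only links to the tool; one sentence on what the poller fetches over FTP and from where would let a reader actually substitute it for the mailbox polling described just above.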
@ -607,6 +629,12 @@ to modify <tt>fwprc</tt>
Now, if the only way through the firewall is a WWW proxy
(usually, a minimum for an Internet-connected network),
you might want to use
<url url="http://www.snurgle.org/~griffon/" name="Chris Chiappa">'s
script
<url url="http://www.snurgle.org/~griffon/ssh-https-tunnel"
name="ssh-https-tunnel">.
Another promising program for piercing through HTTP is
<url url="http://lars.nocrew.org/" name="Lars Brinkoff">'s
<url url="http://www.nocrew.org/software/httptunnel/"
name="httptunnel">,
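Review bot: the new line spells the name "Lars Brinkoff", whereas the acknowledgements hunk earlier in this patch has "Lars Brinkhoff" with the mailto:lars@nocrew.org address; use one spelling in both places.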
@ -642,7 +670,6 @@ but it shouldn't be difficult.
If necessary, fall back to using the
<htmlurl url="http://www.linuxdoc.org/HOWTO/mini/Term-Firewall.html"
name="Term-Firewall mini-HOWTO">.
If you have an 8-bit clean connection and you're root on linux both sides
of the firewall, you might want to use ethertap for better performance,
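Review bot: "root on linux both sides of the firewall" on the last context line should read "root on Linux on both sides of the firewall". The Term-Firewall <htmlurl> in this hunk duplicates the one added to the "Other requirements" section in this same patch; keep the reference in one place so the two copies cannot drift apart.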