mirror of https://github.com/tLDP/LDP
updated
parent
de5d71700d
commit
9be0eb04bb
|
@ -408,7 +408,7 @@ Firewall-Piercing</ULink>, <CiteTitle>
|
|||
Firewall Piercing mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: April 2001</CiteTitle>.
|
||||
Updated: July 2001</CiteTitle>.
|
||||
Directions for using ppp over telnet to do network activities
|
||||
transparently through an Internet firewall. </Para>
|
||||
</ListItem>
|
||||
|
|
|
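Review bot: The description kept as context under the "Updated: July 2001" line still reads "Directions for using ppp over telnet", while the abstract of the mini-HOWTO itself says "ppp over ssh or telnet". Since the entry is being touched for the date anyway, bring the description in line with the abstract. The same applies to the other three hunks that make this identical date change.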
@ -436,7 +436,7 @@ Firewall-Piercing</ULink>, <CiteTitle>
|
|||
Firewall Piercing mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: April 2001</CiteTitle>.
|
||||
Updated: July 2001</CiteTitle>.
|
||||
Directions for using ppp over telnet to do network activities
|
||||
transparently through an Internet firewall. </Para>
|
||||
</ListItem>
|
||||
|
|
|
@ -591,7 +591,7 @@ Firewall-Piercing</ULink>, <CiteTitle>
|
|||
Firewall Piercing mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: April 2001</CiteTitle>.
|
||||
Updated: July 2001</CiteTitle>.
|
||||
Directions for using ppp over telnet to do network activities
|
||||
transparently through an Internet firewall. </Para>
|
||||
</ListItem>
|
||||
|
@ -783,7 +783,7 @@ Firewall-Piercing</ULink>, <CiteTitle>
|
|||
Firewall Piercing mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: April 2001</CiteTitle>.
|
||||
Updated: July 2001</CiteTitle>.
|
||||
Directions for using ppp over telnet to do network activities
|
||||
transparently through an Internet firewall. </Para>
|
||||
</ListItem>
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
<title>Firewall Piercing mini-HOWTO</title>
|
||||
<author>François-René Rideau, <tt>fare@tunes.org</tt></author>
|
||||
<date>v0.7, 4 November 2000</date>
|
||||
<date>v0.9, 13 July 2001</date>
|
||||
|
||||
<abstract>
|
||||
Directions for using ppp over ssh or telnet
|
||||
|
@ -40,12 +40,11 @@ Don't come crying to me.
|
|||
|
||||
<sect1>Legal Blurp
|
||||
<p>
|
||||
Copyright © 1998-2000 by François-René Rideau.
|
||||
Copyright © 1998-2001 by François-René Rideau.
|
||||
|
||||
This document is free software; you can redistribute it and/or modify it
|
||||
under the terms of the GNU General Public License
|
||||
as published by the Free Software Foundation;
|
||||
either version 2 of the License, or (at your option) any later version.
|
||||
This document is free software published under the
|
||||
<url url="http://www.geocities.com/SoHo/Cafe/5947/bugroff.html"
|
||||
name="bugroff license">.
|
||||
</sect1>
|
||||
|
||||
|
||||
|
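Review bot: The licence switch in the "Legal Blurp" section, from the GNU General Public License (version 2 or later) to the "bugroff license", is the most consequential change in this commit, yet the commit message says only "updated". Call the relicensing out in the commit message. The new terms are given only as a link to a geocities.com page, so consider quoting the licence text in the document itself so that the terms stay readable if that URL goes away.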
@ -86,7 +85,8 @@ an ancient and no-more-supported program named Term
|
|||
as well as on peculiarities of a not-so-standard telnet implementation,
|
||||
that is, many obsolete and non-portable facts.
|
||||
Nevertheless, there was a necessity for a mini-HOWTO about piercing firewalls,
|
||||
and despite its shortcomings, his mini-HOWTO was a model and an encouragement.
|
||||
and despite the limitations of its hacks,
|
||||
this mini-HOWTO was a model and an encouragement.
|
||||
|
||||
I'd also like to congratulate
|
||||
<URL URL="mailto:lars@nocrew.org" name="Lars Brinkhoff">
|
||||
|
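Review bot: In the reworded acknowledgement, "this mini-HOWTO was a model and an encouragement" reads as if the document were praising itself; the earlier "his mini-HOWTO" made it clear that the predecessor's text is being credited. Keep the new clause but restore the possessive: "and despite the limitations of its hacks, his mini-HOWTO was a model and an encouragement."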
@ -128,13 +128,14 @@ You can and you shall protect them from the outside world,
|
|||
but you can't protect them from themselves.
|
||||
|
||||
Because there exists such things as system administrators
|
||||
who are either unresponsive, absent, plain incompetent,
|
||||
who are either unresponsive, absent, overworked, plain incompetent,
|
||||
or more generally managed by incompetent people,
|
||||
it so happens that a user may find himself behind a firewall
|
||||
that he may cross, but only in awkward ways.
|
||||
This mini-HOWTO explains a generic and portable way
|
||||
to pierce tunnels into firewalls,
|
||||
by turning any tiny small crack into a full-fledged information superhighway,
|
||||
by turning any thin, tiny trickle of bits
|
||||
into a full-fledged information superhighway,
|
||||
so the user can seamlessly use standard tools to access computers
|
||||
on the other side of the firewall.
|
||||
The very same technique can be used by competent system administrators
|
||||
|
@ -200,7 +201,7 @@ Re-read the disclaimer above.
|
|||
<sect1>Other requirements
|
||||
<p>
|
||||
It is assumed that you know what you're doing,
|
||||
that you know about setting up a network connection,
|
||||
that you know about configuring a network connection,
|
||||
that in case of doubt, you will have read all relevant documentation
|
||||
(HOWTOs, manual pages, web pages, mailing-list archives,
|
||||
RFCs, courses, tutorials).
|
||||
|
@ -212,10 +213,23 @@ the ways currently known to work),
|
|||
and that you can let a daemon run as a background task on the remote site
|
||||
(or benefit from and existing daemon, sshd, telnetd, or sendmail/procmail).
|
||||
|
||||
It is assumed that you'll know how to configure an IP emulator (pppd, slirp)
|
||||
It is assumed that you know or are willing to learn
|
||||
how to configure an IP emulator (pppd, slirp)
|
||||
or an Internet access daemon and its associated library (SOCKS, Term)
|
||||
on each side, according to your needs in terms of connectivity
|
||||
and to your access rights, with your recompiling some software if needed.
|
||||
|
||||
Last but not least, so that you can use the hacks described in this document,
|
||||
it is assumed that you are root on the side of the firewall
|
||||
that needs full transparent IP access to the other side.
|
||||
Indeed, you'll want to run the PPP daemon on this side which
|
||||
allows for use the normal kernel packet routing facilities.
|
||||
In case you're not root on this side, your case is not desperate though:
|
||||
indeed, Barak Pearlmutter's
|
||||
<htmlurl url="http://www.linuxdoc.org/HOWTO/mini/Term-Firewall.html"
|
||||
name="Term-Firewall mini-HOWTO">
|
||||
describes how to use <tt>Term</tt>, a purely userland program,
|
||||
to the end of piercing firewalls.
|
||||
</sect1>
|
||||
|
||||
|
||||
|
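Review bot: In the new root-requirement paragraph, "which allows for use the normal kernel packet routing facilities" is missing a word; suggest "which allows the use of the normal kernel packet routing facilities". The unchanged line just above the change, "(or benefit from and existing daemon, sshd, telnetd, or sendmail/procmail)", has "and" where "an" is meant and could be fixed in the same pass. The paragraph also links Term-Firewall with htmlurl while the other links touched in this commit use url; pick one form.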
@ -414,10 +428,11 @@ Automatic reconnection is left as an exercise to the reader.
|
|||
REMOTE_ACCOUNT=root@remote.fqdn.tld
|
||||
REMOTE_PPPD="pppd ipcp-accept-local ipcp-accept-remote"
|
||||
LOCAL_PPPD="pppd silent 192.168.0.1:192.168.0.2"
|
||||
cotty -d -- $LOCAL_PPPD -- ssh -t $REMOTE_ACCOUNT $REMOTE_PPPD
|
||||
$LOCAL_PPPD pty "ssh -t $REMOTE_ACCOUNT $REMOTE_PPPD"
|
||||
</verb>
|
||||
|
||||
(Note: this command requires <tt>cotty</tt> 0.4 or later.)
|
||||
Note that I haven't been able to use this trick with slirp on the remote side,
|
||||
|
||||
</sect1>
|
||||
</sect>
|
||||
|
||||
|
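Review bot: The sentence "Note that I haven't been able to use this trick with slirp on the remote side," ends in a comma and, as shown, is followed directly by </sect1>, so it reads as unfinished; complete it or end it with a full stop. If the cotty invocation is being replaced by the pppd pty form, the line "(Note: this command requires cotty 0.4 or later.)" should go with it, so that the note does not refer to a command that is no longer shown. In the pty line, the variables inside the quoted ssh command are expanded by the calling shell; a one-line comment saying so would help readers who change REMOTE_PPPD.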
@ -557,7 +572,7 @@ Contribution in that direction welcome.
|
|||
</sect1>
|
||||
|
||||
|
||||
<sect1>Getting the triggering mail
|
||||
<sect1>Getting the trigger message
|
||||
<p>
|
||||
If you are firewalled, your mail may as well be in a central server
|
||||
that doesn't do procmail filtering or allow telnet sessions.
|
||||
|
@ -575,6 +590,13 @@ Too frequent a poll won't be nice to either the server or your host.
|
|||
Too infrequent a poll means you'll have to wait before the message gets read
|
||||
and the reverse connection gets established.
|
||||
I use two-minute poll frequency.
|
||||
</p>
|
||||
<p>
|
||||
Another way to poll for messages, when you don't have a mailbox,
|
||||
but do have outbound FTP access, is to use
|
||||
<url url="http://dhirajbhuyan.hypermart.net/ftp-tunnel.html"
|
||||
name="FTP tunnel">.
|
||||
</p>
|
||||
</sect1>
|
||||
</sect>
|
||||
|
||||
|
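Review bot: The added FTP paragraph only links to "FTP tunnel" and does not say how it fits the polling scheme described just above it (what is fetched over FTP, and how that triggers the reverse connection). Add one sentence on that, so the reader can judge it against the mail-polling approach without following the link. The explicit </p> and <p> tags also differ from the rest of the visible text, which opens a paragraph with <p> and does not close it.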
@ -607,6 +629,12 @@ to modify <tt>fwprc</tt>
|
|||
Now, if the only way through the firewall is a WWW proxy
|
||||
(usually, a minimum for an Internet-connected network),
|
||||
you might want to use
|
||||
<url url="http://www.snurgle.org/~griffon/" name="Chris Chiappa">'s
|
||||
script
|
||||
<url url="http://www.snurgle.org/~griffon/ssh-https-tunnel"
|
||||
name="ssh-https-tunnel">.
|
||||
|
||||
Another promising program for piercing through HTTP is
|
||||
<url url="http://lars.nocrew.org/" name="Lars Brinkoff">'s
|
||||
<url url="http://www.nocrew.org/software/httptunnel/"
|
||||
name="httptunnel">,
|
||||
|
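Review bot: The context line next to the new ssh-https-tunnel entry spells the httptunnel author "Lars Brinkoff", while the acknowledgement earlier in this same diff has "Lars Brinkhoff" (mailto:lars@nocrew.org). Since this paragraph is being edited anyway, make the spelling consistent. The new sentence also ends at "ssh-https-tunnel" with nothing on what the script does; a short clause would match the treatment given to httptunnel.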
@ -642,7 +670,6 @@ but it shouldn't be difficult.
|
|||
If necessary, fall back to using the
|
||||
<htmlurl url="http://www.linuxdoc.org/HOWTO/mini/Term-Firewall.html"
|
||||
name="Term-Firewall mini-HOWTO">.
|
||||
|
||||
|
||||
If you have an 8-bit clean connection and you're root on linux both sides
|
||||
of the firewall, you might want to use ethertap for better performance,
|
||||
|
|