This commit is contained in:
gferg 2001-07-13 13:47:43 +00:00
parent 318e8b02cc
commit de5d71700d
1 changed files with 12 additions and 15 deletions

View File

@ -5,7 +5,7 @@
<title>Firewall Piercing mini-HOWTO</title>
<author>François-René Rideau, <tt>fare@tunes.org</tt></author>
<date>v0.8, 19 April 2001</date>
<date>v0.7, 4 November 2000</date>
<abstract>
Directions for using ppp over ssh or telnet
@ -40,11 +40,12 @@ Don't come crying to me.
<sect1>Legal Blurp
<p>
Copyright &copy; 1998-2001 by François-René Rideau.
Copyright &copy; 1998-2000 by François-René Rideau.
This document is free software published under the
<url url="http://www.geocities.com/SoHo/Cafe/5947/bugroff.html"
name="bugroff license">.
This document is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License
as published by the Free Software Foundation;
either version 2 of the License, or (at your option) any later version.
</sect1>
@ -127,14 +128,13 @@ You can and you shall protect them from the outside world,
but you can't protect them from themselves.
Because there exists such things as system administrators
who are either unresponsive, absent, overworked, plain incompetent,
who are either unresponsive, absent, plain incompetent,
or more generally managed by incompetent people,
it so happens that a user may find himself behind a firewall
that he may cross, but only in awkward ways.
This mini-HOWTO explains a generic and portable way
to pierce tunnels into firewalls,
by turning any tiny small bit trickle
into a full-fledged information superhighway,
by turning any tiny small crack into a full-fledged information superhighway,
so the user can seamlessly use standard tools to access computers
on the other side of the firewall.
The very same technique can be used by competent system administrators
@ -414,8 +414,10 @@ Automatic reconnection is left as an exercise to the reader.
REMOTE_ACCOUNT=root@remote.fqdn.tld
REMOTE_PPPD="pppd ipcp-accept-local ipcp-accept-remote"
LOCAL_PPPD="pppd silent 192.168.0.1:192.168.0.2"
$LOCAL_PPPD pty "ssh -t $REMOTE_ACCOUNT $REMOTE_PPPD"
cotty -d -- $LOCAL_PPPD -- ssh -t $REMOTE_ACCOUNT $REMOTE_PPPD
</verb>
(Note: this command requires <tt>cotty</tt> 0.4 or later.)
</sect1>
</sect>
@ -605,12 +607,6 @@ to modify <tt>fwprc</tt>
Now, if the only way through the firewall is a WWW proxy
(usually, a minimum for an Internet-connected network),
you might want to use
<url url="http://www.snurgle.org/~griffon/" name="Chris Chiappa">'s
script
<url url="http://www.snurgle.org/~griffon/ssh-https-tunnel"
name="ssh-https-tunnel">.
Another promising program for piercing through HTTP is
<url url="http://lars.nocrew.org/" name="Lars Brinkoff">'s
<url url="http://www.nocrew.org/software/httptunnel/"
name="httptunnel">,
@ -646,6 +642,7 @@ but it shouldn't be difficult.
If necessary, fall back to using the
<htmlurl url="http://www.linuxdoc.org/HOWTO/mini/Term-Firewall.html"
name="Term-Firewall mini-HOWTO">.
If you have an 8-bit clean connection and you're root on linux both sides
of the firewall, you might want to use ethertap for better performance,