mirror of https://github.com/tLDP/LDP
updated
This commit is contained in:
parent
318e8b02cc
commit
de5d71700d
|
@ -5,7 +5,7 @@
|
||||||
|
|
||||||
<title>Firewall Piercing mini-HOWTO</title>
|
<title>Firewall Piercing mini-HOWTO</title>
|
||||||
<author>François-René Rideau, <tt>fare@tunes.org</tt></author>
|
<author>François-René Rideau, <tt>fare@tunes.org</tt></author>
|
||||||
<date>v0.8, 19 April 2001</date>
|
<date>v0.7, 4 November 2000</date>
|
||||||
|
|
||||||
<abstract>
|
<abstract>
|
||||||
Directions for using ppp over ssh or telnet
|
Directions for using ppp over ssh or telnet
|
||||||
|
@ -40,11 +40,12 @@ Don't come crying to me.
|
||||||
|
|
||||||
<sect1>Legal Blurp
|
<sect1>Legal Blurp
|
||||||
<p>
|
<p>
|
||||||
Copyright © 1998-2001 by François-René Rideau.
|
Copyright © 1998-2000 by François-René Rideau.
|
||||||
|
|
||||||
This document is free software published under the
|
This document is free software; you can redistribute it and/or modify it
|
||||||
<url url="http://www.geocities.com/SoHo/Cafe/5947/bugroff.html"
|
under the terms of the GNU General Public License
|
||||||
name="bugroff license">.
|
as published by the Free Software Foundation;
|
||||||
|
either version 2 of the License, or (at your option) any later version.
|
||||||
</sect1>
|
</sect1>
|
||||||
|
|
||||||
|
|
||||||
|
@ -127,14 +128,13 @@ You can and you shall protect them from the outside world,
|
||||||
but you can't protect them from themselves.
|
but you can't protect them from themselves.
|
||||||
|
|
||||||
Because there exists such things as system administrators
|
Because there exists such things as system administrators
|
||||||
who are either unresponsive, absent, overworked, plain incompetent,
|
who are either unresponsive, absent, plain incompetent,
|
||||||
or more generally managed by incompetent people,
|
or more generally managed by incompetent people,
|
||||||
it so happens that a user may find himself behind a firewall
|
it so happens that a user may find himself behind a firewall
|
||||||
that he may cross, but only in awkward ways.
|
that he may cross, but only in awkward ways.
|
||||||
This mini-HOWTO explains a generic and portable way
|
This mini-HOWTO explains a generic and portable way
|
||||||
to pierce tunnels into firewalls,
|
to pierce tunnels into firewalls,
|
||||||
by turning any tiny small bit trickle
|
by turning any tiny small crack into a full-fledged information superhighway,
|
||||||
into a full-fledged information superhighway,
|
|
||||||
so the user can seamlessly use standard tools to access computers
|
so the user can seamlessly use standard tools to access computers
|
||||||
on the other side of the firewall.
|
on the other side of the firewall.
|
||||||
The very same technique can be used by competent system administrators
|
The very same technique can be used by competent system administrators
|
||||||
|
@ -414,8 +414,10 @@ Automatic reconnection is left as an exercise to the reader.
|
||||||
REMOTE_ACCOUNT=root@remote.fqdn.tld
|
REMOTE_ACCOUNT=root@remote.fqdn.tld
|
||||||
REMOTE_PPPD="pppd ipcp-accept-local ipcp-accept-remote"
|
REMOTE_PPPD="pppd ipcp-accept-local ipcp-accept-remote"
|
||||||
LOCAL_PPPD="pppd silent 192.168.0.1:192.168.0.2"
|
LOCAL_PPPD="pppd silent 192.168.0.1:192.168.0.2"
|
||||||
$LOCAL_PPPD pty "ssh -t $REMOTE_ACCOUNT $REMOTE_PPPD"
|
cotty -d -- $LOCAL_PPPD -- ssh -t $REMOTE_ACCOUNT $REMOTE_PPPD
|
||||||
</verb>
|
</verb>
|
||||||
|
|
||||||
|
(Note: this command requires <tt>cotty</tt> 0.4 or later.)
|
||||||
</sect1>
|
</sect1>
|
||||||
</sect>
|
</sect>
|
||||||
|
|
||||||
|
@ -605,12 +607,6 @@ to modify <tt>fwprc</tt>
|
||||||
Now, if the only way through the firewall is a WWW proxy
|
Now, if the only way through the firewall is a WWW proxy
|
||||||
(usually, a minimum for an Internet-connected network),
|
(usually, a minimum for an Internet-connected network),
|
||||||
you might want to use
|
you might want to use
|
||||||
<url url="http://www.snurgle.org/~griffon/" name="Chris Chiappa">'s
|
|
||||||
script
|
|
||||||
<url url="http://www.snurgle.org/~griffon/ssh-https-tunnel"
|
|
||||||
name="ssh-https-tunnel">.
|
|
||||||
|
|
||||||
Another promising program for piercing through HTTP is
|
|
||||||
<url url="http://lars.nocrew.org/" name="Lars Brinkoff">'s
|
<url url="http://lars.nocrew.org/" name="Lars Brinkoff">'s
|
||||||
<url url="http://www.nocrew.org/software/httptunnel/"
|
<url url="http://www.nocrew.org/software/httptunnel/"
|
||||||
name="httptunnel">,
|
name="httptunnel">,
|
||||||
|
@ -646,6 +642,7 @@ but it shouldn't be difficult.
|
||||||
If necessary, fall back to using the
|
If necessary, fall back to using the
|
||||||
<htmlurl url="http://www.linuxdoc.org/HOWTO/mini/Term-Firewall.html"
|
<htmlurl url="http://www.linuxdoc.org/HOWTO/mini/Term-Firewall.html"
|
||||||
name="Term-Firewall mini-HOWTO">.
|
name="Term-Firewall mini-HOWTO">.
|
||||||
|
|
||||||
|
|
||||||
If you have an 8-bit clean connection and you're root on linux both sides
|
If you have an 8-bit clean connection and you're root on linux both sides
|
||||||
of the firewall, you might want to use ethertap for better performance,
|
of the firewall, you might want to use ethertap for better performance,
|
||||||
|
|
Loading…
Reference in New Issue