Quenching Firewalls

The requirement is to have a cooperative machine on the outside. This is, ideally, a home Linux computer, but a university or ISP-provided UNIX system will do nicely. This also means you need an SSH client on the inside; getting PuTTY is ideal.

I'm assuming that if you are behind a masquerading router, you have poked an appropriate hole. If this router is moderately unfriendly, MiniUPnP provides a client that can politely ask the router to open the port, and most routers are dumb enough to comply without any authentication. This is why I love Microsoft.

If outbound SSH is blocked, this poses a problem. The only way around it is to find a port that is permitted through the firewall. FTP (20 and 21) and DNS (53) are commonly allowed, even though they can be controlled more tightly. HTTP (80), HTTPS (443) and the alternate HTTP port (8080) are often open. If you have a real service operating on one of those ports, a firewall rule on the outside machine that redirects connections on that port to SSH only when they come from the IP range used by your firewall can provide SSH access without disrupting the normal service. If you can't get one TCP stream out, it is just not going to happen.
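The flip side of the trick above is what a firewall administrator looks for: a flow on port 443 or 53 whose first bytes are an SSH banner rather than a TLS ClientHello or a DNS query. The following classifier is an added example written for this page, not code from the original post or from any of the tools it mentions. It assumes a per-port policy table (the `EXPECTED` dictionary) and works on constructed sample flows; the heuristics are deliberately coarse and only look at the opening bytes each side sends, which is enough to catch SSH, since both the SSH client and server announce themselves with a plain-text `SSH-` line before anything is encrypted.

```python
"""Flag TCP flows whose opening bytes do not match the protocol expected on the port.

Added example for this page; the flows below are constructed, not captured.
A flow is (client_ip, dst_port, first bytes from client, first bytes from server).
"""
from typing import List, NamedTuple, Tuple


class Flow(NamedTuple):
    client: str
    dst_port: int
    client_first: bytes  # first payload bytes the client sent (may be empty)
    server_first: bytes  # first payload bytes the server sent (may be empty)


# Assumed firewall policy: which protocol each permitted port is meant to carry.
EXPECTED = {21: {"ftp"}, 53: {"dns"}, 80: {"http"}, 443: {"tls"}, 8080: {"http"}}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def classify(client_first: bytes, server_first: bytes) -> str:
    """Return a coarse protocol label from the first bytes sent by each side."""
    # SSH: the server banner "SSH-2.0-..." is sent before the client says anything,
    # and the client answers with its own "SSH-" line. Both are plain text.
    if server_first.startswith(b"SSH-") or client_first.startswith(b"SSH-"):
        return "ssh"
    # TLS: a ClientHello is a handshake record (type 0x16) with major version 0x03.
    if len(client_first) >= 3 and client_first[0] == 0x16 and client_first[1] == 0x03:
        return "tls"
    if client_first.startswith(HTTP_METHODS):
        return "http"
    # FTP: the server greets first with a "220 " reply line.
    if server_first.startswith(b"220 "):
        return "ftp"
    # DNS over TCP: 2-byte length prefix, then a 12-byte header with QR=0 and QDCOUNT>=1.
    if len(client_first) >= 14:
        length = int.from_bytes(client_first[0:2], "big")
        flags = int.from_bytes(client_first[4:6], "big")
        qdcount = int.from_bytes(client_first[6:8], "big")
        if length == len(client_first) - 2 and not (flags & 0x8000) and qdcount >= 1:
            return "dns"
    return "unknown"


def find_mismatches(flows: List[Flow]) -> List[Tuple[str, int, str]]:
    """Return (client, port, observed protocol) for flows that violate the port policy."""
    findings = []
    for f in flows:
        observed = classify(f.client_first, f.server_first)
        expected = EXPECTED.get(f.dst_port)
        if expected is not None and observed not in expected:
            findings.append((f.client, f.dst_port, observed))
    return findings


def _dns_query(name: str) -> bytes:
    """Build a minimal TCP-framed DNS A query for `name` (constructed test input)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    header = b"\x12\x34" + b"\x01\x00" + b"\x00\x01" + b"\x00\x00" * 3
    msg = header + labels + b"\x00" + b"\x00\x01\x00\x01"
    return len(msg).to_bytes(2, "big") + msg


# Constructed sample flows: two legitimate flows per interesting port plus two SSH
# sessions hidden on 443 and 53, which is exactly the pattern described above.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", 443, b"\x16\x03\x01\x00\xf1\x01\x00\x00\xed\x03\x03", b"\x16\x03\x03"),
    Flow("10.0.0.7", 443, b"SSH-2.0-PuTTY_Release_0.60\r\n", b"SSH-2.0-OpenSSH_5.1\r\n"),
    Flow("10.0.0.9", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n", b"HTTP/1.1 200 OK\r\n"),
    Flow("10.0.0.11", 53, _dns_query("example.com"), b""),
    Flow("10.0.0.13", 53, b"", b"SSH-2.0-OpenSSH_5.1\r\n"),
    Flow("10.0.0.15", 21, b"", b"220 ftp.example.com FTP server ready\r\n"),
]

if __name__ == "__main__":
    for client, port, proto in find_mismatches(SAMPLE_FLOWS):
        print(f"{client} -> port {port}: saw {proto}, policy expects {sorted(EXPECTED[port])}")
```

Running it lists the two SSH flows and nothing else. In practice the same check is what an IDS does when it reports a protocol mismatch on a well-known port; the SSH banner is the give-away, and an administrator who wants to close this gap combines banner inspection with allowing only TLS-shaped traffic on 443.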

Once you have SSH to the real world, your options are nearly unlimited. In the simplest case, you can run text-mode applications such as Lynx, Links, gtmess, and mutt. If you crave a GUI, installing Xming and enabling X11 forwarding allows any X11 application to be run slowly. For speedier access, install the RealVNC X11 module into your X server and then use the TightVNC Windows client to connect, after tunnelling the right port through SSH. Windows' Remote Desktop Protocol can also be tunnelled, but it responds strangely.

For more unfettered access, you can run a SOCKS server, such as Dante, on your server, use SSH to set up a tunnel, and point local applications to your tunnel. Bonus points if you use Tor instead of a regular SOCKS server.

Another, more unusual, solution is to connect to an IPv6 tunnel and gain unrestricted access to the IPv6 Internet, but that may not be useful.

Mon, 8 Dec 2008 22:26:15 -0500