Re: IP Tunneling to a firewalled host
On Mon, 22 Jun 1998, Miki Shapiro wrote:
> Hi ppl.
> Well after a bit of snooping around, I understand that while
> bi-directional communication with a host outside my firewall is
> obviously possible as long as the machine inside the firewall is the
> one to open up the session, I cannot use the existing IP TUNNELING code
> to use such a session (opened from the inside) as an IP tunnel leading
> in.
Where did you snoop around, exactly ? I think that this is what I wrote to
you about it on this list ?
> to my question:
> A) doesn't ANYTHING in existence that runs on Linux allow me to do this?
As I have said before, Passive FTP does just that. It needs to be
adapted.
> B) OK. I need this working and nothing similar is available. So I guess
> now is as good time as any to start hacking code.
How did you guess ?
> <naive-optimistic-I-wanna-be-a-programmer mode on>
<large model flame-thrower mode on>
> A - Is that stuff with which the Linux modules are written c or c++?
> Some other nasty beast?
> I need to know who I'm fighting... :-)
This is a fine time to ask this. I wouldn't know. Could be Perl or Python
? Maybe Tcl ?
> B - I have some minimal programming experience.
> I can pick up C/C++/whatever basics in an online tutorial.
> Can someone recommend a good book for Linux-Based (Or UNIX based if
> its the same stuff) TCP/IP programming using the language that answers
> Question A? - something available in Israeli book-stores is highly
> preferable. I don't feel like waiting another 3 months for a delivery
> from amazon....
Pick up the basics, go through intermediate, reach advanced, do a few
textbook examples of TCP/IP programming without the naive assumptions in
textbooks, and come back and ask again.
For the Linux-Based (Or UNIX based if it's the same stuff) question, you
will spend 6 months in hospital, to cure your burns. What did you think it
was like, Winsock ?
> </naive-mode>
</flame>
Seriously: Get somebody who *knows* some C and TCP/IP, analyze how the
tunneling connection is opened (what message etc), and hack in the Passive
FTP method, which will require an open port somewhere on a known service
(are you using news ? If not, grab the NNTP socket and use it, the
firewall almost certainly lets it through and that's all you need - but
make sure that your handshake session starts with a 'QUIT' to close any
NNTP server you may open by chance).
NOW, this is the second time I give you a solution. The next answer will
be an undiluted flame.
> Thanks :-)
It's my pleasure ;(
Peter
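
From the firewall operator's side, the approach described in this message appears as a session on the NNTP port whose client side stops looking like NNTP. The following is an added example, not part of the original message: a Python check over the client-to-server bytes of one TCP/119 session. The function name, finding labels and sample sessions are constructed for illustration; the command list is RFC 977 plus a few common extensions, and it assumes a POST or IHAVE is always followed by article text.

```python
# Added example (not from the original message): conformance check for the
# client side of a TCP/119 session, as a firewall or IDS operator might run it.
NNTP_COMMANDS = {
    "ARTICLE", "BODY", "GROUP", "HEAD", "HELP", "IHAVE", "LAST", "LIST",
    "NEWGROUPS", "NEWNEWS", "NEXT", "POST", "QUIT", "SLAVE", "STAT",
    "MODE", "XOVER", "XHDR", "AUTHINFO", "DATE",  # common extensions
}

def classify_session(client_bytes):
    """Return a list of findings; an empty list means the client spoke NNTP."""
    findings = []
    in_article = False  # True while the client sends POST/IHAVE article text
    quit_seen = False
    for raw in client_bytes.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line and not in_article:
            continue
        if quit_seen:
            # A real news reader sends nothing after QUIT; the handshake
            # described in the message does.
            findings.append("data-after-quit")
            break
        if in_article:
            in_article = line != b"."  # a lone "." ends the article
            continue
        try:
            verb = line.decode("ascii").split()[0].upper()
        except UnicodeDecodeError:
            findings.append("non-ascii-command")
            break
        except IndexError:
            findings.append("malformed-command")
            break
        if verb not in NNTP_COMMANDS:
            findings.append("unknown-command")
            break
        if verb == "QUIT":
            quit_seen = True
        elif verb in ("POST", "IHAVE"):
            in_article = True
    return findings

# Constructed sample sessions (client-to-server bytes only).
READER = b"MODE READER\r\nGROUP comp.os.linux.misc\r\nARTICLE 1\r\nQUIT\r\n"
POSTER = b"POST\r\nFrom: a@example.org\r\nSubject: t\r\n\r\nhello\r\n.\r\nQUIT\r\n"
QUIT_THEN_DATA = b"QUIT\r\n" + b"\x45\x00\x00\x54\x1c\x46"
RAW_BINARY = b"\x16\x03\x01\x00\xa5\x01"
```
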