
Re: IP Tunneling to a firewalled host



On Mon, 22 Jun 1998, Miki Shapiro wrote:

> Hi ppl.
> Well after a bit of snooping around, I understand that while
> bi-directional communication with a host outside my firewall is
> obviously possible as long as the machine inside the firewall is the 
> one to open up the session, I cannot use the existing IP TUNNELING code
> to use such a session (opened from the inside) as an IP tunnel leading
> in.

Where did you snoop around, exactly ? I think that this is what I wrote to
you about it on this list ?

> to my question:
> A) doesn't ANYTHING in existence that runs on linux allow me to do this? 

As I have said before, Passive FTP does just that. It needs to be
adapted.

> B) OK. I need this working and nothing similar is available. So I guess
> now is as good time as any to start hacking code.

How did you guess ?

> <naive-optimistic-I-wanna-be-a-programmer mode on>

<large model flame-thrower mode on>

> A - Is that stuff with which the Linux modules are written c or c++?
>     Some other nasty beast?
>     I need to know who I'm fighting... :-)

This is a fine time to ask this. I wouldn't know. Could be Perl or Python
? Maybe Tcl ?

> B - I have some minimal programming experience.
>     I can pick up C/C++/whatever basics in an online tutorial.
>     Can someone recommend a good book for Linux-Based (Or UNIX based if
>     it's the same stuff) TCP/IP programming using the language that answers
>     Question A? - something available in Israeli book-stores is highly
>     preferable. I don't feel like waiting another 3 months for a delivery
>     from amazon....

Pick up the basics, go through intermediate, reach advanced, do a few
textbook examples of TCP/IP programming without the naive assumptions in
textbooks, and come back and ask again.

For the Linux-Based (Or UNIX based if it's the same stuff) question, you
will spend 6 months in hospital, to cure your burns. What did you think it
was like, Winsock ?

> </naive-mode>

</flame>

Seriously: Get somebody who *knows* some C and TCP/IP, analyze how the
tunneling connection is opened (what message etc), and hack in the Passive
FTP method, which will require an open port somewhere on a known service
(are you using news ? If not, grab the NNTP socket and use it, the
firewall almost certainly lets it through and that's all you need - but
make sure that your handshake session starts with a 'QUIT' to close any
NNTP server you may open by chance).

NOW, this is the second time I give you a solution. The next answer will
be an undiluted flame.

>         Thanks :-)

It's my pleasure ;(

Peter
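
Seen from the firewall administrator's side, the approach described in this message leaves a recognizable trace: a client on the NNTP port that sends QUIT and then keeps sending data. The following is an added example, not part of the original message, that checks the client side of one reassembled TCP/119 session against the RFC 977 command set; the function name and sample payloads are constructed, and it assumes the server accepts every POST/IHAVE.

```python
# NNTP commands defined in RFC 977, the NNTP specification in force in 1998.
RFC977_COMMANDS = {
    "ARTICLE", "BODY", "GROUP", "HEAD", "HELP", "IHAVE", "LAST", "LIST",
    "NEWGROUPS", "NEWNEWS", "NEXT", "POST", "QUIT", "SLAVE", "STAT",
}

def nntp_anomalies(client_stream: bytes) -> list:
    """Return reasons why a client->server stream on TCP/119 is not plain NNTP.

    Hypothetical helper: expects the reassembled client side of one session.
    """
    reasons = []
    in_article = False   # inside article text sent after POST / IHAVE
    quit_seen = False
    for line in client_stream.split(b"\r\n"):
        if quit_seen and line:
            # A real client closes after QUIT; more bytes means the
            # connection is being reused for something else.
            reasons.append("data after QUIT")
            break
        if in_article:
            # Article text is free-form and ends with a lone "." line.
            # Assumption: the server accepted the POST/IHAVE.
            in_article = line != b"."
            continue
        try:
            words = line.decode("ascii").split()
        except UnicodeDecodeError:
            reasons.append("non-ASCII bytes where a command was expected")
            break
        if not words:
            continue
        verb = words[0].upper()
        if verb not in RFC977_COMMANDS:
            reasons.append("unknown command: " + verb)
            break
        quit_seen = verb == "QUIT"
        in_article = verb in ("POST", "IHAVE")
    return reasons

# Constructed sample payloads (not captured traffic).
NORMAL = b"GROUP comp.os.linux.misc\r\nSTAT 1\r\nQUIT\r\n"
POSTING = b"POST\r\nSubject: test\r\n\r\nbody text\r\n.\r\nQUIT\r\n"
REUSED = b"QUIT\r\n\x45\x00\x00\x54\x00\x01\x00\x00"

if __name__ == "__main__":
    for name, data in (("normal", NORMAL), ("posting", POSTING), ("reused", REUSED)):
        print(name, nntp_anomalies(data))
```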