Re: Bypassing firewall

["Aaron D. Turner" <aturner () vicinity com>]

Pretty easy.

On a remote linux box (doesn't have to be Linux, can be any *nix) he
runs sshd on a port allowed out from your network.  Port 110 most
likely, since he probably doesn't have a pop server on this system.

then he runs:

ssh -p 110 -L 8000:remoteserver:remoteport otherlinuxbox

where remoteserver is the server you want to connect to and remoteport
is the port on that server.  Then you connect to localhost:8000 on
your work machine and viloa- instant port forwarding.

You can have multiple -L flags if you want, but it only works for TCP.

There are more generic VPN solutions which are more flexible that
would work as well.  Vtund comes to mind.  Look on freshmeat.net for
it.

-- 
Aaron Turner        aturner () vicinity com  650.237.0300 x252
Security Engineer                         Vicinity Corp.        
Cell: 408-314-9874  Pager: 650-317-1821   http://www.vicinity.com

On Sun, 23 Jan 2000, Mailing Lists wrote:

> Hi!
>
> Back where I work, we are using a firewall the blocks everything coming in, 
> and gives internal users permission to use the www, ftp, pop and mail 
> ports.  (no icq, no aol, no nothing else).
>
> But I overheard one of my users bragging that it bypassed the firewall 
> using two linux machines doing port redirection.
>
> I did a little research on this and the most plausible way I found is that 
> he is running a linux inside the firewall which grabs everyhing on a 
> certain port (let's say the icq server port), then forward it through port 
> 80 to another linux box outside the firewall which make the actual call to 
> the icq server on the right port.  Is that possible?  Is there any other 
> alternatives he can be using?
>
> btw, I don't know what the firewall used is, I'm the sysadm for my 
> division, but we are using the corporate firewall.
>
> Thanks!