nanog mailing list archives

Re: broken DNS proxying at public wireless hotspots


From: Mark Foster <blakjak () blakjak net>
Date: Sun, 4 Feb 2007 20:39:39 +1300 (NZDT)




On Sun, 4 Feb 2007, Peter J. Cherny wrote:


> At 04:58 PM 4/2/07, Trent Lloyd <lathiat () bur st> wrote:
> * Set up the profile, to your house/work/etc, of your favorite SSH
> client to forward port 53 local to port 53 on your remote machine.
> The flaw here is that DNS operates over 53(UDP), last time I checked SSH
> doesn't do UDP port forwarding?
>
> At the risk of stating the obvious ...
>
> What's wrong with using an OpenVPN tunnel with appropriate ACLs?
> (It works for me!)



1) SSH out, by IP, to a known-useful host.
2) Resolve all IPs required there / use it as a proxy if feasible.

Depends on what you're trying to do over a public wlan, of course.

VPN solutions are indeed obvious, and are the other work around.

Surprised no one's mentioned yet...

I hope the wireless you're using is free!!! If not, well, I wouldn't be paying for an obviously broken service. (And would be making all appropriate noises to the provider).

I would imagine the average NANOGer is going to be quite capable of getting around the problem, as long as there's the ability to go out via known-IP (assuming no more strict filtering than that...). But obviously some people are going to struggle, and frankly, service providers who provide 'broken' services (and still charge for it) really get on my nerves....


Mark.
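The thread's point is that `ssh -L` forwards TCP only, so a stock UDP resolver pointed at a forwarded port 53 gets nothing. DNS has always also run over TCP (RFC 1035, section 4.2.2: the same message, prefixed with a two-byte length), so a client that speaks TCP can use the forwarded port and resolve at the far end of the tunnel instead of through the hotspot's proxy. The following is an added example, not code from any of the list posters; it assumes you have already run something like `ssh -L 5353:<resolver>:53 known-host` (port and resolver are placeholders) and that the resolver on the remote side accepts TCP. The sample response bytes at the bottom are constructed so the parser can be exercised offline.

```python
"""DNS over TCP through an SSH-forwarded port (added example, not from the thread)."""
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """Encode a dotted hostname in DNS label format."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qid, qtype=QTYPE_A):
    """Standard recursive query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD bit set
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def tcp_frame(msg):
    """DNS over TCP prefixes every message with its 16-bit length."""
    return struct.pack("!H", len(msg)) + msg


def skip_name(data, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(msg, expected_qid):
    """Return (rcode, [A-record addresses]) from a raw DNS response."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qid != expected_qid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return rcode, addrs


def recv_exact(sock, n):
    """Read exactly n bytes or fail; TCP gives no message boundaries."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def resolve_over_tcp(name, server="127.0.0.1", port=5353, qid=0x1234, timeout=5):
    """Send one A query over TCP, e.g. to a local port forwarded by ssh -L (assumed setup)."""
    query = build_query(name, qid)
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(tcp_frame(query))
        (length,) = struct.unpack("!H", recv_exact(sock, 2))
        return parse_response(recv_exact(sock, length), qid)


# Constructed sample response: "example.test" A -> 192.0.2.10 (TEST-NET-1),
# answer name given as a compression pointer (0xC00C) back to the question.
SAMPLE_QID = 0x1234
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", SAMPLE_QID, 0x8180, 1, 1, 0, 0)
    + encode_name("example.test") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
    + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE, SAMPLE_QID))
```

With the forward in place, `resolve_over_tcp("example.test")` returns the remote resolver's answer rather than whatever the hotspot proxy hands out. For the "use it as a proxy" option in the post above, `ssh -D` gives a SOCKS5 listener, and a SOCKS5-aware client can pass the hostname through so resolution happens on the remote host without any DNS client changes at all.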

