Re: Bypassing firewall

From: Aaron D. Turner (aturnerat_private)
Date: Tue Jan 25 2000 - 11:01:51 PST


    Pretty easy.
    
    On a remote linux box (doesn't have to be Linux, can be any *nix) he
    runs sshd on a port allowed out from your network.  Port 110 most
    likely, since he probably doesn't have a pop server on this system.
    
    Then he runs:
    
    ssh -p 110 -L 8000:remoteserver:remoteport otherlinuxbox
    
    where remoteserver is the server you want to connect to and remoteport
    is the port on that server.  Then you connect to localhost:8000 on
    your work machine and voila, instant port forwarding.
    
    You can have multiple -L flags if you want, but it only works for TCP.
    
    There are more generic VPN solutions which are more flexible that
    would work as well.  Vtund comes to mind.  Look on freshmeat.net for
    it.
    
    -- 
    Aaron Turner        aturnerat_private  650.237.0300 x252
    Security Engineer                         Vicinity Corp.        
    Cell: 408-314-9874  Pager: 650-317-1821   http://www.vicinity.com
    
    On Sun, 23 Jan 2000, Mailing Lists wrote:
    
    > Hi!
    > 
    > Back where I work, we are using a firewall that blocks everything coming in, 
    > and gives internal users permission to use the www, ftp, pop and mail 
    > ports.  (no icq, no aol, no nothing else).
    > 
    > But I overheard one of my users bragging that he bypassed the firewall 
    > using two linux machines doing port redirection.
    > 
    > I did a little research on this and the most plausible way I found is that 
    > he is running a linux inside the firewall which grabs everything on a 
    > certain port (let's say the icq server port), then forwards it through port 
    > 80 to another linux box outside the firewall which makes the actual call to 
    > the icq server on the right port.  Is that possible?  Are there any other 
    > alternatives he can be using?
    > 
    > btw, I don't know what the firewall used is, I'm the sysadm for my 
    > division, but we are using the corporate firewall.
    > 
    > Thanks! 
    > 
    > 
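
A detection-side check for the tunnel described in this thread, as an added example that is not part of the original messages: an SSH server announces itself in cleartext with a line beginning `SSH-`, while a real POP3 server greets with `+OK`, so the first bytes a server sends on an allowed port show whether the expected protocol is running there. The greeting table, function names and sample flows are assumptions constructed for illustration.

```python
# Added example: flag flows on allowed ports whose server greeting is not the
# protocol that port is supposed to carry (e.g. sshd listening on port 110).

# Assumption: simplified greeting table for the services named in the thread.
EXPECTED = {
    21: (b"220", b"120", b"421"),    # FTP connect replies
    25: (b"220", b"421", b"554"),    # SMTP connect replies
    80: (b"HTTP/",),                 # HTTP status line
    110: (b"+OK", b"-ERR"),          # POP3 greeting
}

def classify(port, first_server_bytes):
    """Classify one flow by the first payload the server sent."""
    if port not in EXPECTED:
        return "unknown-port"
    data = first_server_bytes.lstrip()
    if data.startswith(EXPECTED[port]):
        return "expected"
    # An SSH server identifies itself with a line beginning "SSH-"; it may
    # send other lines before it, so check every line of the first payload.
    if any(line.startswith(b"SSH-") for line in data.splitlines()):
        return "ssh"
    return "unexpected"

def suspicious(flows):
    """Return (src, dst, port, verdict) for every flow that is not 'expected'."""
    out = []
    for src, dst, port, payload in flows:
        verdict = classify(port, payload)
        if verdict != "expected":
            out.append((src, dst, port, verdict))
    return out

# Constructed sample flows (documentation addresses, made-up banners).
SAMPLE_FLOWS = [
    ("10.0.0.15", "192.0.2.10", 110, b"+OK POP3 server ready\r\n"),
    ("10.0.0.23", "198.51.100.7", 110, b"SSH-1.99-OpenSSH_2.1.1\n"),
    ("10.0.0.15", "192.0.2.20", 80, b"HTTP/1.0 200 OK\r\n"),
    ("10.0.0.23", "198.51.100.7", 80, b"\x00\x01binary"),
    ("10.0.0.40", "192.0.2.30", 25, b"220 mail.example.com ESMTP\r\n"),
]

if __name__ == "__main__":
    for row in suspicious(SAMPLE_FLOWS):
        print(row)
```

The "unexpected" verdict matters as much as "ssh": a generic VPN tunnel carried over an allowed port will not send an `SSH-` line, but it will not send the expected greeting either.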
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:12 PDT