From: "Robert Graham" <robert_david_grahamat_private>

> You don't really need two Linux boxes. Assuming you have a standard packet
> filtering firewall that allows only outbound TCP connections to port 80, a user
> could set up a SOCKS server at home (assume cable-modem/DSL) listening on port
> 80 rather than the standard 1080. Any socksable client then can allow the user
> any activity through his/her home machine. For example, run SocksCap from NEC
> configured to use the home machine as the SOCKS server. Most client apps can
> now work invisibly through this setup.

This would not work though if the firewall examined the http packets for kosher data. Reverse proxies, application layer proxies, stateful inspection firewalls, and anything else employing similar descriptions would prevent such things.

Robert's example of running socks on port 80 will work if the "firewall" were no more than a packet filter or [perhaps] a NAT box. In the case that the firewall requires packets running through port 80 conform to the http protocol, a tunnel would have to be set up.

I'm sure many methods exist to tunnel connections through popular protocols like telnet, http, and https. I know personally of one Linux application that allows you to tunnel securely through https, so there should be less fanciful methods out there.
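
Added example, not part of the original message: a minimal sketch of the conformance check the reply describes, classifying the first client payload of an outbound port-80 flow as an HTTP request, a SOCKS4/SOCKS5 handshake, or something else. The function names, flow labels and sample payloads are constructed for illustration; as the reply notes, a tunnel that speaks well-formed HTTP would still pass this kind of check.

```python
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP-version CRLF
REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} [\x21-\x7e]+ HTTP/1\.[01]\r\n")
# Header field: token ":" field-value (printable bytes, tab, or obs-text)
HEADER_LINE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[\t\x20-\x7e\x80-\xff]*$")


def classify_first_payload(data: bytes) -> str:
    """Classify the first client-to-server payload of an outbound port-80 flow."""
    # SOCKS5 greeting: VER=5, NMETHODS, then exactly NMETHODS method bytes.
    if len(data) >= 3 and data[0] == 0x05 and data[1] >= 1 and len(data) == 2 + data[1]:
        return "socks5-greeting"
    # SOCKS4 request: VER=4, CD=1|2, DSTPORT(2), DSTIP(4), USERID, NUL.
    if len(data) >= 9 and data[0] == 0x04 and data[1] in (1, 2) and data.endswith(b"\x00"):
        return "socks4-request"
    if not REQUEST_LINE.match(data):
        return "not-http"
    # Check every header line seen so far (the block may be incomplete).
    head, _, _ = data.partition(b"\r\n\r\n")
    headers = [line for line in head.split(b"\r\n")[1:] if line]
    if all(HEADER_LINE.match(line) for line in headers):
        return "http-request"
    return "malformed-http"


def audit(flows: dict) -> dict:
    """Return {flow_id: verdict} for flows whose first payload is not valid HTTP."""
    verdicts = {fid: classify_first_payload(payload) for fid, payload in flows.items()}
    return {fid: v for fid, v in verdicts.items() if v != "http-request"}


# Constructed sample payloads (not captured traffic).
SAMPLE_FLOWS = {
    "flow-a": b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "flow-b": b"\x05\x01\x00",                                # SOCKS5, one method
    "flow-c": b"\x04\x01\x00\x19\xc0\x00\x02\x0a" + b"user\x00",  # SOCKS4 CONNECT
    "flow-d": b"SSH-2.0-OpenSSH\r\n",
    "flow-e": b"GET / HTTP/1.1\r\n\x00\x01binary\r\n\r\n",
}

if __name__ == "__main__":
    for flow_id, verdict in sorted(audit(SAMPLE_FLOWS).items()):
        print(flow_id, verdict)
```
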
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:19 PDT