>Your example is not using a proxy based firewall, you are using the
>transparent DNS port. If you force the DNS through a proxy process as it
>should on a proxy based firewall (hidden DNS o.i.d) (No transparent
>connection at all) then this trick will not work.

Back when I was writing the firewall toolkit I hacked together a version of a /dev/tun driver and had it piping its output into a script that uuencoded packets, then emailed them to an alias on a remote machine which uudecoded them and shoved them into /dev/tun. It worked; ping round trip times were in the order of seconds, which made running NFS difficult without adjusting timeouts. I was able to mount filesystems after a bit of fiddling, and could get a very slow telnet session connected.

Tunnelling over DNS would be silly, anyhow; most firewalls have this huge gaping hole called SSL...

mjr.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:56 PDT