From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Setting up an ip-tunnel
Date: Mon, 05 May 2003 15:54:52 +0000
Message-ID: <marc-lartc-105215014809932@msgid-missing>
In-Reply-To: <marc-lartc-105214625905066@msgid-missing>

Patrick,

 : Wouldn't think it to be a problem as it's just a firewall sitting in the
 : way of the private computers of students at our college and they haven't
 : set up any rules of this kind.

This is your call.  There are technical solutions to allow for tunnelling,
but you should be certain that you are not subverting your organization's
security policy.

 : > Here's an example of using GRE tunnels ("ip tunnel"):
 : >
 : >   http://lartc.org/howto/lartc.tunnel.gre.html#AEN333
 :
 : This tutorial assumes that I have control over the routers connecting
 : the different LANs together. Unfortunately I don't think they (the
 : admins hosting the firewall) would honour my request for them to set up
 : an ip-tunnel for me specifically.

If your GRE packets from the two hosts you control can traverse the
firewall, then you can create a tunnel between the two hosts.  If the
firewall prevents you from passing IP protocol 47 (GRE) bidirectionally,
then you'll need to look at other solutions.  You do not need control over
the firewall to use GRE tunnels.

 : As I haven't set up an ip-tunnel before I have no idea if it's even
 : possible to do so if I don't have control over the firewall I'm behind.
 : Is it or am I out of luck? Is it in that case possible in _any_ way for
 : the computer with the public ip to communicate with the one behind the
 : firewall "directly"?

Yes.

 : > Have you thought of using ssh port forwarding?
 :
 : Haven't looked into it so much but as I understand you'll have to
 : control the firewall and set up ssh-forwarding there for it to work, and
 : I haven't got that control.

[ assume:  box S behind firewall, box P in front of firewall ]

The questions you should be asking yourself now are as follows:

  - what types of packets can I send from S to P
  - what types of packets can I send from P to S
  - what types of tunnels can I create with these packets

Quick and dirty summary:

  - IPSec, IP protocols 50, 51, and UDP(7)/500
  - CIPE, UDP(7)/<your-choice-of-port>
  - ssh tunnel, TCP/22, embedded or MUX'd tunnel
  - GRE tunnel, IP protocol 47

Good luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
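
Added example, not part of Martin's message: a firewall administrator's view of the summary list above, reading the IPv4 header of a captured packet and naming which of the listed tunnel types it may carry. Function names and the `cipe_ports` parameter are hypothetical; the sample packets are constructed; TCP = IP protocol 6 and UDP = IP protocol 17 are assumed from the IANA protocol numbers.

```python
import struct

# Tunnel types identified by IP protocol number alone (from the summary list).
IP_PROTO_TUNNELS = {47: "GRE", 50: "IPSec ESP", 51: "IPSec AH"}
TCP, UDP = 6, 17  # IANA protocol numbers (assumption, not stated in the message)

def classify(packet: bytes, cipe_ports=frozenset()):
    """Return the tunnel type an IPv4 packet may carry, or None.

    cipe_ports is a hypothetical, site-specific set: CIPE runs on a UDP port
    of the operator's choice, so it cannot be recognised without local knowledge.
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4          # header length, including options
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    proto = packet[9]
    if proto in IP_PROTO_TUNNELS:
        return IP_PROTO_TUNNELS[proto]
    if proto not in (TCP, UDP):
        return None
    # Non-first fragments carry no transport header, so ports are unknown.
    frag_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    if frag_offset or len(packet) < ihl + 4:
        return None
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    if proto == UDP and 500 in (sport, dport):
        return "IPSec IKE"
    if proto == UDP and (sport in cipe_ports or dport in cipe_ports):
        return "CIPE"
    if proto == TCP and 22 in (sport, dport):
        return "ssh"                      # may or may not embed a tunnel
    return None

def ipv4(proto, payload=b"", options=b"", frag=0):
    """Build a constructed IPv4 packet (checksum left at zero) for testing."""
    ihl = 5 + len(options) // 4
    total = 20 + len(options) + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total, 0, frag, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return hdr + options + payload

def ports(sport, dport):
    """First four bytes of a TCP or UDP header."""
    return struct.pack("!HH", sport, dport)

if __name__ == "__main__":
    for name, pkt in [("proto 47", ipv4(47)), ("udp/500", ipv4(UDP, ports(500, 500))),
                      ("tcp/22", ipv4(TCP, ports(40000, 22)))]:
        print(name, "->", classify(pkt))
```

A result of "ssh" only says the packet is on TCP/22; port numbers alone cannot show whether the session carries forwarded traffic.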
