From mboxrd@z Thu Jan 1 00:00:00 1970
Message-Id: <200401201629.i0KGTsj01777@augusta.math.psu.edu>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Unix trampoline?
In-Reply-To: Your message of "Tue, 20 Jan 2004 07:45:02 EST."
From: Dan Cross
Date: Tue, 20 Jan 2004 11:29:54 -0500
Topicbox-Message-UUID: bcac12d2-eacc-11e9-9e20-41e7f4b1d025

a@9srv.net writes:
>
> okay, i've been banging my head against a wall since
> yesterday trying to do a simple port-forward on unix.
> i'm having a heck of a time getting natd, ipfw, and
> ssh to all play nice together. i'd love to just skip
> the whole deal and run trampoline from aux/listen,
> but, obviously, i've got neither trampoline nor
> aux/listen on unix. anyone got either?

What about netcat started from inetd? That does largely the same thing,
and I've used it to good effect to shuttle bytes between the HTTPS port
on one machine to the SSH port on another.

Alternately, I have a Unix trampoline I wrote once and posted to 9fans.
It's either in the list archives, or in
/usr/cross/src/unixsrc/c/misc/trampoline.c on my machines, which you
have an account on. I wrote it under MacOS X, so it should work in your
environment.

As an aside, completely unrelated to Anthony's question, a good way to
get around overly restrictive corporate firewalls: take an SSH client
that can deal with an HTTP proxy [PuTTY is a good one], and connect to
an SSH server answering on the HTTPS port of a server out on the
Internet somewhere, and forward a bunch of ports through it. Most HTTP
proxies will let you connect to remote HTTPS ports; if not, run the SSH
server on the HTTP port itself.

In my case, I have a Sun running an HTTP proxy on the localhost
interface. In my restrictive environment, I SSH through the HTTP proxy
in the local firewall to the HTTPS port of another Sun that forwards to
the SSH server on the first Sun (Why? I have a real HTTPS server
listening on the first Sun). I forward whatever ports I'm interested
in, including the HTTP proxy port, and I run my web browser using my
local machine as a proxy, which forwards to the Sun, which in turn
proxies my web traffic (and whatever else I want, like AIM).

The Sun is on a network I trust no one to be sniffing. Or, if they are,
I don't particularly care. At least this way, no one is sniffing my
local traffic unless they're monitoring my keystrokes or what goes over
the loopback interface.

	- Dan C.
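
Seen from the proxy operator's side, the setup described in the message above is distinguishable from real HTTPS: SSH endpoints open with a plaintext identification string (RFC 4253), while HTTPS begins with a TLS ClientHello from the client. The following is an added example, not part of the original message or the author's code; the function names and sample payloads are constructed for illustration.

```python
import re

# SSH identification string (RFC 4253, section 4.2):
#   SSH-protoversion-softwareversion [SP comments] CR LF
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)")


def find_ssh_banner(data: bytes):
    """Return (protoversion, software) if any line is an SSH identification string."""
    # The RFC lets a server send other text lines before the identification
    # string, so scan every line instead of only the first one.
    for line in data.split(b"\n"):
        m = SSH_ID.match(line.rstrip(b"\r"))
        if m:
            return m.group(1).decode(), m.group(2).decode()
    return None


def is_tls_client_hello(data: bytes) -> bool:
    """True if data starts with a TLS handshake record carrying a ClientHello."""
    return (
        len(data) >= 6
        and data[0] == 0x16   # record content type: handshake
        and data[1] == 0x03   # record major version (SSL 3.0 / TLS 1.x)
        and data[2] <= 0x04   # record minor version
        and data[5] == 0x01   # handshake message type: ClientHello
    )


def classify_tunnel(client_first: bytes, server_first: bytes) -> str:
    """Classify a CONNECT tunnel from the first bytes sent in each direction."""
    if find_ssh_banner(server_first) or find_ssh_banner(client_first):
        return "ssh"
    if is_tls_client_hello(client_first):
        return "tls"
    return "unknown"


# Constructed sample payloads (not captured traffic).
SAMPLE_SSH_SERVER = b"SSH-2.0-ExampleServer_1.0\r\n"
SAMPLE_SSH_CLIENT = b"SSH-2.0-ExampleClient_1.0\r\n"
SAMPLE_TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x01])

if __name__ == "__main__":
    print(classify_tunnel(SAMPLE_SSH_CLIENT, SAMPLE_SSH_SERVER))
    print(classify_tunnel(SAMPLE_TLS_HELLO, b""))
```

A proxy or network sensor that sees the first payload bytes after a CONNECT to port 443 can apply this check; an SSH session wrapped inside a real TLS layer would not be caught by it.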