* [9fans] plan9port behind corporate firewall with no DNS or port access
@ 2009-07-25 4:06 Jason Catena
2009-07-25 4:35 ` andrey mirtchovski
2009-07-25 8:12 ` Steve Simon
0 siblings, 2 replies; 9+ messages in thread
From: Jason Catena @ 2009-07-25 4:06 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
[-- Attachment #1: Type: text/plain, Size: 462 bytes --]
At work I sit behind a corporate firewall which neither knows
sources.cs.bell-labs.com nor would provide me direct access to its ports if
it did. I can get out through http proxies (eg curl). Is there any way to
mount sources through this kind of static, or should I resign myself to only
seeing sources from my home computer?
9fs sources
srv: dial tcp!sources.cs.bell-labs.com!9fs: unknown host
sources.cs.bell-labs.com
9fs: exit 1
Jason Catena
[-- Attachment #2: Type: text/html, Size: 669 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] plan9port behind corporate firewall with no DNS or port access
2009-07-25 4:06 [9fans] plan9port behind corporate firewall with no DNS or port access Jason Catena
@ 2009-07-25 4:35 ` andrey mirtchovski
2009-07-25 4:55 ` Jason Catena
2009-07-25 8:12 ` Steve Simon
1 sibling, 1 reply; 9+ messages in thread
From: andrey mirtchovski @ 2009-07-25 4:35 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
Just checking: have you tried accessing it by IP address
(204.178.31.8) rather than hostname? (this, of course, assumes that
you've ruled out a bad ndb configuration as the reason).
how about trying with a 9p client such as cl.py from your "normal" machine?
$ cl.py none@sources.cs.bell-labs.com
9p> ls
9grid adm contrib dist du extra fastos lsr patch plan9 wiki xen
9p>
On Fri, Jul 24, 2009 at 10:06 PM, Jason Catena<jason.catena@gmail.com> wrote:
> At work I sit behind a corporate firewall which neither
> knows sources.cs.bell-labs.com nor would provide me direct access to its
> ports if it did. I can get out through http proxies (eg curl). Is there
> any way to mount sources through this kind of static, or should I resign
> myself to only seeing sources from my home computer?
> 9fs sources
> srv: dial tcp!sources.cs.bell-labs.com!9fs: unknown host
> sources.cs.bell-labs.com
> 9fs: exit 1
> Jason Catena
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] plan9port behind corporate firewall with no DNS or port access
2009-07-25 4:35 ` andrey mirtchovski
@ 2009-07-25 4:55 ` Jason Catena
2009-07-25 13:56 ` erik quanstrom
0 siblings, 1 reply; 9+ messages in thread
From: Jason Catena @ 2009-07-25 4:55 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
[-- Attachment #1: Type: text/plain, Size: 673 bytes --]
On Fri, Jul 24, 2009 at 23:35, andrey mirtchovski <mirtchovski@gmail.com>wrote:
> Just checking: have you tried accessing it by IP address
> (204.178.31.8) rather than hostname? (this, of course, assumes that
> you've ruled out a bad ndb configuration as the reason).
>
traceroute can't get to that IP address, so I'm pretty sure the corporate
firewall is doing its job.
> how about trying with a 9p client such as cl.py from your "normal" machine?
Bleh, its python doesn't have 9P.
I think I'd rather spend my time trying to figure out how to get a
sources/contrib dir and mount it on my home Ubuntu machine. Whom do I ask
very nicely for that?
[-- Attachment #2: Type: text/html, Size: 1127 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] plan9port behind corporate firewall with no DNS or port access
2009-07-25 4:55 ` Jason Catena
@ 2009-07-25 13:56 ` erik quanstrom
0 siblings, 0 replies; 9+ messages in thread
From: erik quanstrom @ 2009-07-25 13:56 UTC (permalink / raw)
To: 9fans
> traceroute can't get to that IP address, so I'm pretty sure the corporate
> firewall is doing its job.
traceroute failure just means that someone is not passing icmp
traffic. the only thing you know is icmp traffic won't pass.
here's a dirty trick you can do with plan 9 traceroute:
; ip/traceroute /net/tcp!minooka.coraid.com
trying /net/tcp!12.51.113.6!32767
round trip times in µs
low avg high
--------------------------
192.168.0.64 175 243 376
192.168.1.254 320 386 509
65.14.248.28 19621 20117 20711
74.253.143.53 21151 22002 22685
205.152.99.98 21649 22016 22468
65.83.238.74 21693 22098 22641
65.83.238.194 22661 23113 23896
12.122.140.198 23143 23939 24520 cr2.attga.ip.att.net
12.122.140.45 169904 201516 222315 gar19.attga.ip.att.net
12.87.45.86 26855 27417 28069
12.51.113.6 26376 26949 27493
by the way, plan 9 dns query tends to do poorly
with rfc2672-style reverse ips. it tends to quit on
the cname.
- erik
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] plan9port behind corporate firewall with no DNS or port access
2009-07-25 4:06 [9fans] plan9port behind corporate firewall with no DNS or port access Jason Catena
2009-07-25 4:35 ` andrey mirtchovski
@ 2009-07-25 8:12 ` Steve Simon
2009-07-25 12:43 ` Uriel
1 sibling, 1 reply; 9+ messages in thread
From: Steve Simon @ 2009-07-25 8:12 UTC (permalink / raw)
To: 9fans
There are several places which have readonly versions of sources available via
http, alternatively there is a socks client or even htfilefs, the former uses
the SOCKS protocol to tunnel through the firewall.
htfilefs mounts a remote ISO image (like the plan9 nightly build iso)
over an http connection and expands it as a hierarchy.
You could probably write some tunneling software to run on your home
machine and work machine using http in between, but your corperate IT
department might not see the funny side of such practices...
-Steve
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] plan9port behind corporate firewall with no DNS or port access
2009-07-25 8:12 ` Steve Simon
@ 2009-07-25 12:43 ` Uriel
2009-07-25 16:39 ` Salman Aljammaz
0 siblings, 1 reply; 9+ messages in thread
From: Uriel @ 2009-07-25 12:43 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
Why not run inferno (or 9vx) on your home machine, export /net on port
80, mount it from work using inferno again, and you are out.
If your work firewall proxies port 80, then things get trickier, you
could mount sources on the home inferno instance, and then export it
using mjl's httpd as a read-only http 'tree'.
uriel
On Sat, Jul 25, 2009 at 10:12 AM, Steve Simon<steve@quintile.net> wrote:
> There are several places which have readonly versions of sources available via
> http, alternatively there is a socks client or even htfilefs, the former uses
> the SOCKS protocol to tunnel through the firewall.
>
> htfilefs mounts a remote ISO image (like the plan9 nightly build iso)
> over an http connection and expands it as a hierarchy.
>
> You could probably write some tunneling software to run on your home
> machine and work machine using http in between, but your corperate IT
> department might not see the funny side of such practices...
>
> -Steve
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] plan9port behind corporate firewall with no DNS or port access
2009-07-25 12:43 ` Uriel
@ 2009-07-25 16:39 ` Salman Aljammaz
2009-07-25 16:55 ` John Floren
2009-07-25 16:56 ` Iruata Souza
0 siblings, 2 replies; 9+ messages in thread
From: Salman Aljammaz @ 2009-07-25 16:39 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
Uriel wrote:
> If your work firewall proxies port 80, then things get trickier, you
> could mount sources on the home inferno instance, and then export it
> using mjl's httpd as a read-only http 'tree'.
assuming you've got openssh, one trick i used to do back in school was
run sshd on on port 443.
you can then forward specific ports (-L) or even run socks (-D) on ssh.
salman
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] plan9port behind corporate firewall with no DNS or port access
2009-07-25 16:39 ` Salman Aljammaz
@ 2009-07-25 16:55 ` John Floren
2009-07-25 16:56 ` Iruata Souza
1 sibling, 0 replies; 9+ messages in thread
From: John Floren @ 2009-07-25 16:55 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
On Sat, Jul 25, 2009 at 9:39 AM, Salman Aljammaz<sio@finiteless.net> wrote:
> Uriel wrote:
>> If your work firewall proxies port 80, then things get trickier, you
>> could mount sources on the home inferno instance, and then export it
>> using mjl's httpd as a read-only http 'tree'.
>
> assuming you've got openssh, one trick i used to do back in school was
> run sshd on on port 443.
>
> you can then forward specific ports (-L) or even run socks (-D) on ssh.
>
> salman
>
>
>
If you have even one single port open outgoing, all you need is to get
a remote Plan 9/Inferno exporting /net on that port. I did it on port
22 while I was waiting for the import port to be opened.
#on the outside box
aux/listen1 -t 'tcp!*!22' /bin/exportfs
#from the inside
import -A tcp!remote!22 /net
You're using p9p so your mileage may vary... but the basic concept is
sound and allows you to completely avoid the firewall, assuming you
can actually use a remote /net on p9p. If not, well, you should run a
real Plan 9 :)
John
--
"I've tried programming Ruby on Rails, following TechCrunch in my RSS
reader, and drinking absinthe. It doesn't work. I'm going back to C,
Hunter S. Thompson, and cheap whiskey." -- Ted Dziuba
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9fans] plan9port behind corporate firewall with no DNS or port access
2009-07-25 16:39 ` Salman Aljammaz
2009-07-25 16:55 ` John Floren
@ 2009-07-25 16:56 ` Iruata Souza
1 sibling, 0 replies; 9+ messages in thread
From: Iruata Souza @ 2009-07-25 16:56 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
On Sat, Jul 25, 2009 at 1:39 PM, Salman Aljammaz<sio@finiteless.net> wrote:
> Uriel wrote:
>> If your work firewall proxies port 80, then things get trickier, you
>> could mount sources on the home inferno instance, and then export it
>> using mjl's httpd as a read-only http 'tree'.
>
> assuming you've got openssh, one trick i used to do back in school was
> run sshd on on port 443.
>
> you can then forward specific ports (-L) or even run socks (-D) on ssh.
>
> salman
>
>
>
on unix:
% cat .ssh/config
Host xxx
ProtocolKeepAlives 30
ProxyCommand /path/to/proxytunnel/proxytunnel -p proxyhost:proxyport
-P proxyuser:proxypass -d xxx.org
% ssh -D localproxyport
-Llocaladdress:localport:sources.cs.bell-labs.com:564 user@xxx.org
on Plan 9:
% srv -nq tcp!localaddress!localport sources /n/sources
and there you have it. only tested it for non-authenticated connections.
iru
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2009-07-25 16:56 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-07-25 4:06 [9fans] plan9port behind corporate firewall with no DNS or port access Jason Catena
2009-07-25 4:35 ` andrey mirtchovski
2009-07-25 4:55 ` Jason Catena
2009-07-25 13:56 ` erik quanstrom
2009-07-25 8:12 ` Steve Simon
2009-07-25 12:43 ` Uriel
2009-07-25 16:39 ` Salman Aljammaz
2009-07-25 16:55 ` John Floren
2009-07-25 16:56 ` Iruata Souza
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).