From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 Date: Fri, 24 Jul 2009 23:06:51 -0500 Message-ID: From: Jason Catena To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: multipart/alternative; boundary=0016364edb7ebc7c3e046f7fd9ea Subject: [9fans] plan9port behind corporate firewall with no DNS or port access Topicbox-Message-UUID: 2cadfc1e-ead5-11e9-9d60-3106f5b1d025 --0016364edb7ebc7c3e046f7fd9ea Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit At work I sit behind a corporate firewall which neither knows sources.cs.bell-labs.com nor would provide me direct access to its ports if it did. I can get out through http proxies (eg curl). Is there any way to mount sources through this kind of static, or should I resign myself to only seeing sources from my home computer? 9fs sources srv: dial tcp!sources.cs.bell-labs.com!9fs: unknown host sources.cs.bell-labs.com 9fs: exit 1 Jason Catena --0016364edb7ebc7c3e046f7fd9ea Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
At work I sit behind a corporate firewall which neither knows=A0sources.cs.bell-labs.com nor woul= d provide me direct access to its ports if it did. =A0I can get out through= http proxies (eg curl). =A0Is there any way to mount sources through this = kind of static, or should I resign myself to only seeing sources from my ho= me computer?

9fs sources
srv: dial tcp!sources.cs.bell-labs.com!9fs: unknown host sources.cs.bell-labs.com
9fs: exit 1

Jason Catena

--0016364edb7ebc7c3e046f7fd9ea-- From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 In-Reply-To: References: Date: Fri, 24 Jul 2009 22:35:17 -0600 Message-ID: <14ec7b180907242135k6299bf32v94c65e219cf7944c@mail.gmail.com> From: andrey mirtchovski To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [9fans] plan9port behind corporate firewall with no DNS or port access Topicbox-Message-UUID: 2cb2a4f8-ead5-11e9-9d60-3106f5b1d025 Just checking: have you tried accessing it by IP address (204.178.31.8) rather than hostname? (this, of course, assumes that you've ruled out a bad ndb configuration as the reason). how about trying with a 9p client such as cl.py from your "normal" machine? $ cl.py none@sources.cs.bell-labs.com 9p> ls 9grid adm contrib dist du extra fastos lsr patch plan9 wiki xen 9p> On Fri, Jul 24, 2009 at 10:06 PM, Jason Catena wrot= e: > At work I sit behind a corporate firewall which neither > knows=C2=A0sources.cs.bell-labs.com nor would provide me direct access to= its > ports if it did. =C2=A0I can get out through http proxies (eg curl). =C2= =A0Is there > any way to mount sources through this kind of static, or should I resign > myself to only seeing sources from my home computer? > 9fs sources > srv: dial tcp!sources.cs.bell-labs.com!9fs: unknown host > sources.cs.bell-labs.com > 9fs: exit 1 > Jason Catena > > From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 In-Reply-To: <14ec7b180907242135k6299bf32v94c65e219cf7944c@mail.gmail.com> References: <14ec7b180907242135k6299bf32v94c65e219cf7944c@mail.gmail.com> Date: Fri, 24 Jul 2009 23:55:46 -0500 Message-ID: From: Jason Catena To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: multipart/alternative; boundary=0016e644ccb8a86237046f8088e0 Subject: Re: [9fans] plan9port behind corporate firewall with no DNS or port access Topicbox-Message-UUID: 2cb72eb0-ead5-11e9-9d60-3106f5b1d025 --0016e644ccb8a86237046f8088e0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On Fri, Jul 24, 2009 at 23:35, andrey mirtchovski wrote: > Just checking: have you tried accessing it by IP address > (204.178.31.8) rather than hostname? (this, of course, assumes that > you've ruled out a bad ndb configuration as the reason). > traceroute can't get to that IP address, so I'm pretty sure the corporate firewall is doing its job. > how about trying with a 9p client such as cl.py from your "normal" machine? Bleh, its python doesn't have 9P. I think I'd rather spend my time trying to figure out how to get a sources/contrib dir and mount it on my home Ubuntu machine. Whom do I ask very nicely for that? --0016e644ccb8a86237046f8088e0 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On Fri, Jul 24, 2009 at 23:35, andrey mirtchovsk= i <mirtchovsk= i@gmail.com> wrote:
Just checking: have you tried accessing it by IP address
(204.178.31.8) rather than hostname? (this, of course, assumes that
you've ruled out a bad ndb configuration as the reason).

traceroute can't get to that IP a= ddress, so I'm pretty sure the corporate firewall is doing its job.
=A0
how about trying with a 9p client such as cl.py from your "normal"= ; machine?

Bleh, its python doesn't hav= e 9P.
=A0
I think I'd rather spend my time trying t= o figure out how to get a sources/contrib dir and mount it on my home Ubunt= u machine. =A0Whom do I ask very nicely for that?

--0016e644ccb8a86237046f8088e0-- From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <1001eb37c560440120c5c5ad6feaee55@quintile.net> From: "Steve Simon" Date: Sat, 25 Jul 2009 09:12:21 +0100 To: 9fans@9fans.net In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: Re: [9fans] plan9port behind corporate firewall with no DNS or port access Topicbox-Message-UUID: 2cbb7920-ead5-11e9-9d60-3106f5b1d025 There are several places which have readonly versions of sources available via http, alternatively there is a socks client or even htfilefs, the former uses the SOCKS protocol to tunnel through the firewall. htfilefs mounts a remote ISO image (like the plan9 nightly build iso) over an http connection and expands it as a hierarchy. You could probably write some tunneling software to run on your home machine and work machine using http in between, but your corperate IT department might not see the funny side of such practices... -Steve From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 In-Reply-To: <1001eb37c560440120c5c5ad6feaee55@quintile.net> References: <1001eb37c560440120c5c5ad6feaee55@quintile.net> Date: Sat, 25 Jul 2009 14:43:25 +0200 Message-ID: <5d375e920907250543x503b7509t4ffa41e9654a4a78@mail.gmail.com> From: Uriel To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [9fans] plan9port behind corporate firewall with no DNS or port access Topicbox-Message-UUID: 2cc833fe-ead5-11e9-9d60-3106f5b1d025 Why not run inferno (or 9vx) on your home machine, export /net on port 80, mount it from work using inferno again, and you are out. If your work firewall proxies port 80, then things get trickier, you could mount sources on the home inferno instance, and then export it using mjl's httpd as a read-only http 'tree'. uriel On Sat, Jul 25, 2009 at 10:12 AM, Steve Simon wrote: > There are several places which have readonly versions of sources available via > http, alternatively there is a socks client or even htfilefs, the former uses > the SOCKS protocol to tunnel through the firewall. > > htfilefs mounts a remote ISO image (like the plan9 nightly build iso) > over an http connection and expands it as a hierarchy. > > You could probably write some tunneling software to run on your home > machine and work machine using http in between, but your corperate IT > department might not see the funny side of such practices... > > -Steve > > From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <88ae902dfde5016e3675f123525aa482@quanstro.net> From: erik quanstrom Date: Sat, 25 Jul 2009 09:56:28 -0400 To: 9fans@9fans.net In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Subject: Re: [9fans] plan9port behind corporate firewall with no DNS or port access Topicbox-Message-UUID: 2cd075dc-ead5-11e9-9d60-3106f5b1d025 > traceroute can't get to that IP address, so I'm pretty sure the corporate > firewall is doing its job. traceroute failure just means that someone is not passing icmp traffic. the only thing you know is icmp traffic won't pass. here's a dirty trick you can do with plan 9 traceroute: ; ip/traceroute /net/tcp!minooka.coraid.com trying /net/tcp!12.51.113.6!32767 round trip times in µs low avg high -------------------------- 192.168.0.64 175 243 376 192.168.1.254 320 386 509 65.14.248.28 19621 20117 20711 74.253.143.53 21151 22002 22685 205.152.99.98 21649 22016 22468 65.83.238.74 21693 22098 22641 65.83.238.194 22661 23113 23896 12.122.140.198 23143 23939 24520 cr2.attga.ip.att.net 12.122.140.45 169904 201516 222315 gar19.attga.ip.att.net 12.87.45.86 26855 27417 28069 12.51.113.6 26376 26949 27493 by the way, plan 9 dns query tends to do poorly with rfc2672-style reverse ips. it tends to quit on the cname. - erik From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Sat, 25 Jul 2009 17:39:52 +0100 From: Salman Aljammaz To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Message-ID: <20090725163952.GA25352@finiteless.net> References: <1001eb37c560440120c5c5ad6feaee55@quintile.net> <5d375e920907250543x503b7509t4ffa41e9654a4a78@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5d375e920907250543x503b7509t4ffa41e9654a4a78@mail.gmail.com> User-Agent: Mutt/1.5.19 (2009-01-05) Subject: Re: [9fans] plan9port behind corporate firewall with no DNS or port access Topicbox-Message-UUID: 2cd49b3a-ead5-11e9-9d60-3106f5b1d025 Uriel wrote: > If your work firewall proxies port 80, then things get trickier, you > could mount sources on the home inferno instance, and then export it > using mjl's httpd as a read-only http 'tree'. assuming you've got openssh, one trick i used to do back in school was run sshd on on port 443. you can then forward specific ports (-L) or even run socks (-D) on ssh. salman From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 In-Reply-To: <20090725163952.GA25352@finiteless.net> References: <1001eb37c560440120c5c5ad6feaee55@quintile.net> <5d375e920907250543x503b7509t4ffa41e9654a4a78@mail.gmail.com> <20090725163952.GA25352@finiteless.net> Date: Sat, 25 Jul 2009 09:55:16 -0700 Message-ID: <7d3530220907250955r56a13db8pf83e00861d4e5c41@mail.gmail.com> From: John Floren To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [9fans] plan9port behind corporate firewall with no DNS or port access Topicbox-Message-UUID: 2ce12382-ead5-11e9-9d60-3106f5b1d025 On Sat, Jul 25, 2009 at 9:39 AM, Salman Aljammaz wrote: > Uriel wrote: >> If your work firewall proxies port 80, then things get trickier, you >> could mount sources on the home inferno instance, and then export it >> using mjl's httpd as a read-only http 'tree'. > > assuming you've got openssh, one trick i used to do back in school was > run sshd on on port 443. > > you can then forward specific ports (-L) or even run socks (-D) on ssh. > > salman > > > If you have even one single port open outgoing, all you need is to get a remote Plan 9/Inferno exporting /net on that port. I did it on port 22 while I was waiting for the import port to be opened. #on the outside box aux/listen1 -t 'tcp!*!22' /bin/exportfs #from the inside import -A tcp!remote!22 /net You're using p9p so your mileage may vary... but the basic concept is sound and allows you to completely avoid the firewall, assuming you can actually use a remote /net on p9p. If not, well, you should run a real Plan 9 :) John -- "I've tried programming Ruby on Rails, following TechCrunch in my RSS reader, and drinking absinthe. It doesn't work. I'm going back to C, Hunter S. Thompson, and cheap whiskey." -- Ted Dziuba From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 In-Reply-To: <20090725163952.GA25352@finiteless.net> References: <1001eb37c560440120c5c5ad6feaee55@quintile.net> <5d375e920907250543x503b7509t4ffa41e9654a4a78@mail.gmail.com> <20090725163952.GA25352@finiteless.net> Date: Sat, 25 Jul 2009 13:56:44 -0300 Message-ID: From: Iruata Souza To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [9fans] plan9port behind corporate firewall with no DNS or port access Topicbox-Message-UUID: 2ce56866-ead5-11e9-9d60-3106f5b1d025 On Sat, Jul 25, 2009 at 1:39 PM, Salman Aljammaz wrote: > Uriel wrote: >> If your work firewall proxies port 80, then things get trickier, you >> could mount sources on the home inferno instance, and then export it >> using mjl's httpd as a read-only http 'tree'. > > assuming you've got openssh, one trick i used to do back in school was > run sshd on on port 443. > > you can then forward specific ports (-L) or even run socks (-D) on ssh. > > salman > > > on unix: % cat .ssh/config Host xxx ProtocolKeepAlives 30 ProxyCommand /path/to/proxytunnel/proxytunnel -p proxyhost:proxyport -P proxyuser:proxypass -d xxx.org % ssh -D localproxyport -Llocaladdress:localport:sources.cs.bell-labs.com:564 user@xxx.org on Plan 9: % srv -nq tcp!localaddress!localport sources /n/sources and there you have it. only tested it for non-authenticated connections. iru