That darned firewall..

That darned firewall..

[Andy Eskilsson]

Well ok, the sysadm has closed the firewalls nntp port, so no I have
to use ssh to ssh to a machine outside the firewall and start a telnet
there..

but.. but.. I can use the firewalls http-proxy by pretending I am
opening a secure connection to the newsserver. The question only
is.. how do I do this with the properties of the group..

What I need to do is:
	telnet firewallmachine
	CONNECT news.server.com:nntp HTTP/1.0
and leave the rest to gnus.. any hints.. 

Can the telnet method do this for me or?

	/Andy

p.s. Gauntlet firewall.

Re: That darned firewall..

[Karl Kleinpaste]

This is how I get to remote systems' NNTP ports:

ssh -g -q -f -x -L7878:NewsServer:119 OtherHost sleep 100000000

See man page for details on switches.

This means: ssh will create port 7878 on the local machine.  When
something connects to that, ssh will tunnel to OtherHost, whose
responding sshd will open NewsServer's port 119.  The sleep(1) just
keeps the tunnel alive forever.

Now set your access method to localhost port 7878 and you're done.

You just have to remember to initialize the tunnel when your own
machine boots.

Beware of -g if you don't want your tunnel accessible to the universe.

Re: That darned firewall..

[Stainless Steel Rat]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* Andy Eskilsson <andy.eskilsson@telelogic.se>  on Wed, 26 May 1999
| Well ok, the sysadm has closed the firewalls nntp port, so no I have
| to use ssh to ssh to a machine outside the firewall and start a telnet
| there..

This is actually quite easy to do:

  (setq gnus-select-method
	'(nntp "news.gweep.net"
	       (nntp-address "sidehack.gweep.net")
	       (nntp-rlogin-program "ssh")
	       (nntp-open-connection-function nntp-open-rlogin)
	       (nntp-end-of-line "\n")
	       (nntp-rlogin-parameters
		("-x" "-C" "telnet" "news.gweep.net" "nntp"))))

| but.. but.. I can use the firewalls http-proxy by pretending I am
| opening a secure connection to the newsserver. The question only
| is.. how do I do this with the properties of the group..

This one I do not know.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE3TEeVgl+vIlSVSNkRAkqpAJ9r7mfjJxUUmu/uCzVK1NNJQXC9QwCg9nMx
Bpuk/U1UTc8Ik0I8UKw4dLo=
=9xNu
-----END PGP SIGNATURE-----

-- 
Rat <ratinox@peorth.gweep.net>    \ Happy Fun Ball contains a liquid core,
Minion of Nathan - Nathan says Hi! \ which, if exposed due to rupture, should
PGP Key: at a key server near you!  \ not be touched, inhaled, or looked at.

Re: That darned firewall..

[Stainless Steel Rat]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* Karl Kleinpaste <karl@justresearch.com>  on Wed, 26 May 1999
| This means: ssh will create port 7878 on the local machine.  When
| something connects to that, ssh will tunnel to OtherHost, whose
| responding sshd will open NewsServer's port 119.  The sleep(1) just
| keeps the tunnel alive forever.

Handy trick: as long as the tunnelled connection is open, the tunnel will
remain open.

Neater trick: while true; do sleep 1; done
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE3TEjagl+vIlSVSNkRAvaWAJ9HWGe8SyVUsWOiNoqDzWFFi9JxPQCfeHIz
/yREE58npE6v5fedXwT52+o=
=7ZW7
-----END PGP SIGNATURE-----

-- 
Rat <ratinox@peorth.gweep.net>    \ Happy Fun Ball contains a liquid core,
Minion of Nathan - Nathan says Hi! \ which, if exposed due to rupture, should
PGP Key: at a key server near you!  \ not be touched, inhaled, or looked at.

Re: That darned firewall..

[Andy Eskilsson]

*rewind* I have gotten ssh working.. but I wonder if I can connect
drectly through the firewall instead of needing to connect to a
machine 1000km's from here.. 

And I want gnus to automagically to manage the tunnel, not needing to
start an external ssh.

So _instead_ of doing:
	ssh remotemachine (which does telnet firewallmachine; CONNECT remoetmachine:SSH ...)
	telnet news.server.com nntp

I would like:
	telnet firewallmachine
	CONNECT news.server.com:nntp HTTP/1.0

	/Andy

Re: That darned firewall..

[Kai.Grossjohann]

Andy Eskilsson <andy.eskilsson@telelogic.se> writes:

  > I would like:
  > 	telnet firewallmachine
  > 	CONNECT news.server.com:nntp HTTP/1.0

Well, why don't you have a look at nntp-open-telnet?  It does not seem
too complex.  You just make a copy of it and modify as appropriate.
You see quickly where it sends the `open' command to telnet.  Just put
your command there and delete the rest of the function until it waits
for "200 ok" message from the NNTP server.

Or do you find it too difficult to grok that function?

I could try to hack up something, but I can't test it, so maybe it's
better if you try yourself first.  But if you don't know Lisp, I'm
willing to give it a go.

kai
-- 
Abort this operation?   [Abort]  [Cancel]

Re: That darned firewall..

[David S. Goldberg]

> I would like: telnet firewallmachine CONNECT news.server.com:nntp
> HTTP/1.0
Are you sure you can even do this?  Many http proxies limit CONNECT to 
https and snews ports by default and require others to be turned on
individually by hand.
-- 
Dave Goldberg
Post: The Mitre Corporation\MS B325\202 Burlington Rd.\Bedford, MA 01730
Phone: 781-271-3887
Email: dsg@mitre.org

Re: That darned firewall..

[Karl Kleinpaste]

Stainless Steel Rat <ratinox@peorth.gweep.net> writes:
> Handy trick: as long as the tunnelled connection is open, the tunnel
> will remain open.

The point, however, is that I want to create the tunnel once, when I
boot, and not have to think about it again until I boot again.  I read
a few groups directly via this ssh/nntp tunnel, and the same tunnel is
also used for a suck(1) feed into my regular news server, which is run
3x/hour.

> Neater trick: while true; do sleep 1; done

Strikes me as a pointless exercise in process creation.  I prefer
starting one sleep(1) and walking away from the problem.

Re: That darned firewall..

[Brian Edmonds]

Stainless Steel Rat <ratinox@peorth.gweep.net> writes:
> Neater trick: while true; do sleep 1; done

If you've got a particular thing for rotating your process table a
couple times a day, great.  Otherwise sleeping for at least an hour
would seem much more sensible.

Brian.

Re: That darned firewall..

[Stainless Steel Rat]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* Brian Edmonds <brian@gweep.bc.ca>  on Fri, 28 May 1999
| If you've got a particular thing for rotating your process table a
| couple times a day, great.  Otherwise sleeping for at least an hour
| would seem much more sensible.

Fine, so:
        while true; do sleep 3600; done
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE3Tvpmgl+vIlSVSNkRAu2xAJ0VszTxsc+hz9Mim6a7sEbd7MSt7wCgx0i8
QdvOdi6yVK91bnp+KwSTm/g=
=oDiP
-----END PGP SIGNATURE-----

-- 
Rat <ratinox@peorth.gweep.net>    \ When not in use, Happy Fun Ball should be
Minion of Nathan - Nathan says Hi! \ returned to its special container and
PGP Key: at a key server near you!  \ kept under refrigeration.