Sorry about this but I need a little help to defeat a fairly draconian packet filter on our network ... and you're all so smart ...
Anyway, I'm on machine A, and all attempted connections between the outside world and A get dropped. I can ssh/rsh/telnet/anything to Unix machine B, and run any program I like on it (though not as root), and packets from machineB can get to the outside world. So I want to route my packets via machineB.
Is there a routing rule / IPFW rule / user mode program that I can use to selectively reroute my packets so I'd write:
[gowen@machineA]$ reroute machineB:7272 netscape http://www.wikipedia.org
and all the network requests would be transparently proxied to port 7272 on machineB (where I was running a program that then sent the packets out into the ether). To be honest, I don't know enough about networking to know if this is even possible.
I'm root on machineA, but not machineB.
And no, the firewall isn't there to stop me doing this ... it's a "temporary" stopgap since some of our machines got used in a DDoS attack. Unfortunately, "temporary" has a tendency to mean "policy will probably be repealed before heat death of universe".
I don't know a precise answer, but I think you can do something like this with ssh port forwarding capabilities.
See, for example: http://www.ssh.com/products/ssh/administrator30/Port_Forwarding.html
And this is apparently a detailed explanation: http://csociety.ecn.purdue.edu/~sigos/projects/ssh/forwarding/
Don't ask *me* any details. I had something similar to this done *for me* by someone in the past, but I didn't research it then to understand all the details.
Jimmy Wales <jwales@bomis.com> writes:
> I don't know a precise answer, but I think you can do something like this with ssh port forwarding capabilities.
> See, for example: http://www.ssh.com/products/ssh/administrator30/Port_Forwarding.html
> And this is apparently a detailed explanation: http://csociety.ecn.purdue.edu/~sigos/projects/ssh/forwarding/
Thanks Jimmy, those links were exactly what I needed to get myself mainlining Usenet again.
On Tue, 2002-09-17 at 05:00, Gareth Owen wrote:
> Jimmy Wales <jwales@bomis.com> writes:
>> I don't know a precise answer, but I think you can do something like this with ssh port forwarding capabilities.
>> See, for example: http://www.ssh.com/products/ssh/administrator30/Port_Forwarding.html
>> And this is apparently a detailed explanation: http://csociety.ecn.purdue.edu/~sigos/projects/ssh/forwarding/
> Thanks Jimmy, those links were exactly what I needed to get myself mainlining Usenet again.
I hope you're going to add this knowledge to Wikipedia....
wikitech-l@lists.wikimedia.org