From owner-freebsd-hackers Fri Jan 25 10:33:33 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from tharmas.rintrah.org (dhcp065-031-016-002.insight.rr.com [65.31.16.2]) by hub.freebsd.org (Postfix) with SMTP id 34CBE37B416 for ; Fri, 25 Jan 2002 10:33:28 -0800 (PST) Received: (qmail 22221 invoked by uid 1000); 25 Jan 2002 18:36:07 -0000 Date: Fri, 25 Jan 2002 13:36:07 -0500 From: freebsd-hackers@remdesign.net To: "Grover, Andrew" Cc: freebsd-hackers@freebsd.org Subject: Re: How can I run CVSup through a firewall? Message-ID: <20020125133607.A21690@tharmas.rintrah.org> References: <59885C5E3098D511AD690002A5072D3C02AB7BE6@orsmsx111.jf.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <59885C5E3098D511AD690002A5072D3C02AB7BE6@orsmsx111.jf.intel.com>; from andrew.grover@intel.com on Fri, Jan 25, 2002 at 10:12:34AM -0800 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Jan 25, 2002 at 10:12:34AM -0800, Grover, Andrew wrote: > It is a little tricky (IMHO) to set up, but you can use m3socks to allow > cvsup to use a SOCKS proxy, if you have one of those. I'm also behind a > firewall so that is what I did. > > Regards -- Andy > > > From: Ladislav Kostal [mailto:ladislav.kostal@fem.uniag.sk] > > On Fri, 25 Jan 2002, Dariush Azimi wrote: > > > I can not access the internet without going through the firewall. > > > > I use to run small redirector (plug) on server with public IP > > address and > > then on client cvsup -g -L 2 -P m /etc/cvsupfile. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message man cvsup gives a couple more ideas: USING ssh PORT FORWARDING As an alternative to SOCKS, a user behind a firewall can penetrate it with the TCP port forwarding provided by the Secure Shell package ssh. The user must have a login account on the CVSup server host in order to do this. The procedure is as follows: 1. Establish a connection to the server host with ssh, like this: ssh -f -x -L 5999:localhost:5999 serverhost sleep 60 Replace serverhost with the hostname of the CVSup server, but type `localhost' literally. This sets up the required port forwarding. You must start cvsup before the 60-second sleep finishes. Once the update has begun, ssh will keep the forwarded channels open as long as they are needed. 2. Run cvsup on the local host, including the arguments `-h localhost' on the command line. and CVSup AND FIREWALLS In its default mode, cvsup will work through any firewall which permits outbound connections to port 5999 of the server host. With slightly more permissive firewall rules it may be possible to use passive mode or one of the other modes, for a very slight gain in efficiency. See the description of the -P option for details. For more information on using CVSup with specific kinds of firewalls, see the CVSup FAQ at . --devin -- Mathematicians are like Frenchmen: whatever you say to them they translate into their own language, and forthwith it is something entirely different. -- Johann Wolfgang von Goethe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message