From owner-freebsd-questions Thu Jan 31 11:38:36 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from wasp.eng.ufl.edu (wasp.eng.ufl.edu [128.227.116.1])
    by hub.freebsd.org (Postfix) with ESMTP id A0D9537B416
    for ; Thu, 31 Jan 2002 11:38:26 -0800 (PST)
Received: from eng.ufl.edu (scanner.engnet.ufl.edu [128.227.152.221])
    by wasp.eng.ufl.edu (8.9.3/8.9.3) with ESMTP id OAA07255;
    Thu, 31 Jan 2002 14:38:19 -0500 (EST)
Message-ID: <3C599D2B.2324D9BF@eng.ufl.edu>
Date: Thu, 31 Jan 2002 14:38:19 -0500
From: Bob Johnson
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en, eo
MIME-Version: 1.0
To: fybar@hotmail.com
Cc: questions@freebsd.org
Subject: Re: more: vpn from behind firewall
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Date: Thu, 31 Jan 2002 05:59:10 +0000
> From: "Trevor Osatchuk"
> Subject: more: vpn from behind firewall
>
> It has been suggested that my description was vague, so I hope this will
> clarify.
>
>
>  ______       _________                ________
> |my    |     | firewall|              |my home |
> |laptop|-----| on ski  |------WWW-----|firewall|--- Home Network
> |______|     |__hill___|              |________|
>
> I am on vacation and am attempting to send and receive email. Now, I can
> get my email, but am having trouble sending. I want to put my laptop onto
> my lan via vpn so that I can send email from my home account. Also, I want
> to have access to my computers behind the firewall. I have been given a
> 192.168.1.x ip, so I am behind a nat or proxy, not sure. Is there a way
> that I can set up a vpn from where I am? Or, can I use my firewall as a
> proxy? Can I set up a ssh tunnel to my firewall and then forward that port
> on my firewall to the appropriate mail/news servers?
>

I'm not sure if you mean your laptop address is 192.168.1.x, or if that's the address of your home system. Anyway, if you can find out the IP number of your home network, AND your home firewall has been configured to accept SSH connections or pass them on to a system inside your network, then the following should get you on the right track:

Since you can get email already (probably via POP3), we will ignore it for now, although we'll come back to it later. To send mail, you need to be able to make an SMTP (port 25) connection to your ISP's mail host (or your home network's host if it runs one). This is the host that your email program uses for "SMTP host" or as the outgoing mail server, or whatever they call it.

Let's assume that your home network address is 116-customer-dsl.example.net (or you could use the IP number). And, let's assume that your ISP's mail host is called smtp.example.net. Then, using SSH, do something like

    ssh -L 25:smtp.example.net:25 116-customer-dsl.example.net

on your laptop, and set your email program to use 127.0.0.1 as its SMTP host. This sets up an encrypted connection from your laptop to 116-customer-dsl.example.net and then uses it to forward any connections to port 25 on your laptop to smtp.example.net (although data moving between your home system and the smtp host will not be encrypted).

You can do the same thing with port 110 (the POP3 port) and use it to read your mail so that your password and mail will be encrypted if someone is snooping on the local network where you happen to have your laptop connected.

If you don't have access to your home network, ANY host that you can SSH into AND which is allowed to send mail via your ISP's SMTP host will work (e.g. a friend's system).

Obviously, all of this is much easier to set up and test if you have someone sitting at your home system to figure out what IP number you need to use, and make sure the firewall is configured to allow this.
If you are already on vacation, you may have to stick with using Hotmail to send your email, until you can get back home and figure out the details of how your home network is set up.

Of course, there is a third, and probably easier solution: ask the people who run the network on the ski hill what you should use for your outgoing SMTP host. You aren't the only person with that problem, and they should have a local one set up for you to use. Just set your email program to use whatever they tell you.

> Thanks,
>
> fybar
>

- Bob
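The SMTP and POP3 forwards described in the reply above, combined into one command, as an added example that is not part of the original message. The local ports 2525 and 2110 are assumptions (binding ports below 1024 needs root), the hostnames are the reply's placeholders, and the POP3 server is assumed to be the same host as the SMTP server.

```shell
#!/bin/sh
# Added example: build one ssh command carrying both mail forwards.
GATEWAY="116-customer-dsl.example.net"  # SSH host at home (placeholder from the reply)
MAILHOST="smtp.example.net"             # ISP mail host (placeholder from the reply)
SMTP_LOCAL=2525                         # assumed unprivileged local port for SMTP
POP_LOCAL=2110                          # assumed unprivileged local port for POP3

# valid_port N: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_host H: accept only hostname/IPv4 characters, so nothing in a
# host value can turn into extra shell words or ssh options.
valid_host() {
    case "$1" in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# forward_spec LOCAL_PORT HOST REMOTE_PORT: print one -L argument.
# The listener is bound to 127.0.0.1 explicitly so other machines on the
# untrusted local network cannot connect to the forwarded port.
forward_spec() {
    valid_port "$1" && valid_host "$2" && valid_port "$3" || return 1
    printf '127.0.0.1:%s:%s:%s' "$1" "$2" "$3"
}

# tunnel_cmd: print the full ssh command line.
# -N opens no remote shell; ExitOnForwardFailure makes ssh exit instead of
# running without a forward when a local port is already in use.
tunnel_cmd() {
    valid_host "$GATEWAY" || return 1
    smtp=$(forward_spec "$SMTP_LOCAL" "$MAILHOST" 25) || return 1
    pop=$(forward_spec "$POP_LOCAL" "$MAILHOST" 110) || return 1
    printf 'ssh -N -o ExitOnForwardFailure=yes -L %s -L %s %s\n' \
        "$smtp" "$pop" "$GATEWAY"
}

# Open the tunnel only when asked: sh tunnel.sh --connect
if [ "${1:-}" = "--connect" ]; then
    cmd=$(tunnel_cmd) || { echo "invalid tunnel settings" >&2; exit 1; }
    exec $cmd   # word splitting is safe here: every field was validated
fi
```

With the tunnel open, the mail program uses 127.0.0.1 port 2525 for outgoing mail and 127.0.0.1 port 2110 for POP3.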