From owner-freebsd-questions@freebsd.org Thu Aug 13 20:10:28 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1B7EE3AB72D for ; Thu, 13 Aug 2020 20:10:28 +0000 (UTC) (envelope-from aryeh.friedman@gmail.com) Received: from mail-il1-x12a.google.com (mail-il1-x12a.google.com [IPv6:2607:f8b0:4864:20::12a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BSHkB6wd2z3WZ5 for ; Thu, 13 Aug 2020 20:10:26 +0000 (UTC) (envelope-from aryeh.friedman@gmail.com) Received: by mail-il1-x12a.google.com with SMTP id p18so2801142ilm.7 for ; Thu, 13 Aug 2020 13:10:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=N0exn0hYqAxBr3sHo1lmVpC9ySxXVFyrSP+lZQX2evA=; b=Dh+1iU9jK1XIjKtvPUQeq0n2KzNAZq3XGxeefA5QnqbXxTJLcnqTvewEKALR+j68ZJ Sf1XNtOZwBFpzDmdeH7P9JZON5EZty42Z+jPs0IsbL1anwKDESSX8ASGiEtUGWA00kYq 0yiEZi8i0zQKagaSR/SXWtulUQmAPO6DYs8pxIzsIthDs/0b6MvJFUyL80I+C8qSpN/t 4E/UMhVgQ5H2dVrnWzmA28u+MlOn7bPPpk9IYJNKk/84RxDIec0+88trSSwtEWkExYBv 4dCNGm62NJpEeilV0iXvIobWRNpj9ElZGOJFObXYy+ZbiLkUWrB587ujOyTb5BCGy94h Fnhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=N0exn0hYqAxBr3sHo1lmVpC9ySxXVFyrSP+lZQX2evA=; b=UepzCuAwk/hVFnH1TmRwbcPYbN3Kfmi6SAluw1GXmYPu3ETLkf05ABzxnLzoQf6mX/ TB5t2pgQex+AUpnfdWWyI4C4Jx+BSqpvvwBUNNTQef/NAmg74ETjS3LJtH7qIwzD4Ixs 7abYniHBMqtBesiAYPcc9U+nG/+AmauiunZ7PWUvgf6rJfU6MR4mxd9cUEzuZX3MkQI2 L+OIulafqTHsRZXvLU6yyDjnhYm1mUf8gKk6OhEHBM6mn5RsIn+MUxphsnJNjY4wWNzC G1JKsk/M5nElgjQFdxjAchldmYgprkzfUqbdPKGtcLZCMawgpYti2o47RqnwlGal+RKY ySlw== X-Gm-Message-State: AOAM532bUaetNkuiz4bpouBVSgma1Uz9q40Oq311vFnD8YArmxRi3vPw +xuQnBrFXLRRJJTM9TRj8tyIGeqN5ZVYMXNXTl02spAC X-Google-Smtp-Source: ABdhPJytSkdEahh5a6gBMnSuMZTWyBRdJ8SPDfCL/eFbV6JoTbVc7CKHZTsnzvjT25cphHn8R9Zicnn3s62BGE05XL0= X-Received: by 2002:a92:d20c:: with SMTP id y12mr6621311ily.81.1597349425851; Thu, 13 Aug 2020 13:10:25 -0700 (PDT) MIME-Version: 1.0 References: <20200813203039.30400835439935d1e916d0e1@sohara.org> In-Reply-To: <20200813203039.30400835439935d1e916d0e1@sohara.org> From: Aryeh Friedman Date: Thu, 13 Aug 2020 16:10:14 -0400 Message-ID: Subject: Re: OT: Dealing with a hosting company with it's head up it's rear end To: "Steve O'Hara-Smith" Cc: FreeBSD Mailing List X-Rspamd-Queue-Id: 4BSHkB6wd2z3WZ5 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=Dh+1iU9j; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of aryehfriedman@gmail.com designates 2607:f8b0:4864:20::12a as permitted sender) smtp.mailfrom=aryehfriedman@gmail.com X-Spamd-Result: default: False [-3.44 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.01)[-1.006]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_HAM_LONG(-1.01)[-1.007]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::12a:from]; NEURAL_HAM_SHORT(-0.43)[-0.429]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.33 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2020 20:10:28 -0000 On Thu, Aug 13, 2020 at 3:30 PM Steve O'Hara-Smith wrote: > On Thu, 13 Aug 2020 14:56:43 -0400 > Aryeh Friedman wrote: > > > The hosting company for one of our clients sent the following reply to > > us/them when we asked them to setup end user accounts on a dedicated > > Windows Server, FreeBSD box and CentOS box (all VM's on the same physical > > machine with no other VM's on the physical machine) and being told we > > needed scriptable access (not web based non-scriptable) to the windows > > desktop and shell accounts (including the ability to sudo) and they > agreed > > to provide it: > > Can you ssh *out* from one of the unix boxes ? If so you can tunnel > the rest through the ssh connection. > The block ALL outgoing ports except 25 even between the VM's on the same host. This even if you are using their manaditory VPN access to get to the web portal in the first place (i.e. they even block 10.XXX.XXX.0/24 !?!??!). -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org