Date: Thu, 24 Jul 2003 12:00:25 -0700
From: Luigi Rizzo
To: Diomidis Spinellis, freebsd-hackers@freebsd.org
Subject: Re: Network pipes
Message-ID: <20030724120025.A33961@xorpc.icir.org>
List-Id: Technical Discussions relating to FreeBSD

On Thu, Jul 24, 2003 at 10:36:41AM -0700, John-Mark Gurney wrote:
> Diomidis Spinellis wrote this message on Thu, Jul 24, 2003 at 14:04 +0300:
> > separate command "netpipe". Netpipe takes as arguments the originating
> > host, the socket port, the command to execute, and its arguments.
> > Netpipe opens the socket back to the originating host, redirects its I/O
> > to the socket, and execs the specified command.
>
> This breaks nat firewalls. It is very common occurrence to only accept
> incoming connections, and only on certain ports. This means any system
> of firewall will probably be broken by this. :(

actually it is the other way around -- this solution simply won't
work on firewalled systems.
But to tell the truth, i doubt you'd do a multi-gb backup through
a nat and be worried about the encryption overhead.

cheers
luigi

> i.e. behind a nat to a public system, the return connection can't be
> established. From any system to a nat redirected ssh server, the
> incoming connection won't make it to the destination machine.
>
> I think this should just be a utility like Luigi suggested. This will
> help "solve" these problems.
>
> --
> John-Mark Gurney Voice: +1 415 225 5579
>
> "All that I will do, has been done, All that I have, has not."