From: Oliver Fromme
Date: Thu, 16 Aug 2007 13:22:39 +0200 (CEST)
To: freebsd-current@FreeBSD.ORG, Kris Kennaway, Randall Stewart, Kip Macy, Julian Elischer
Subject: Re: IP over HTTP?
Message-Id: <200708161122.l7GBMd2f097695@lurza.secnetix.de>
In-Reply-To: <20070815013342.GA25882@rot26.obsecurity.org>

Kris Kennaway wrote:
 > Randall Stewart wrote:
 > > Julian Elischer wrote:
 > > > Kip Macy wrote:
 > > > > Randall Stewart wrote:
 > > > > > [IP over HTTP]
 > > > > > Just curious.. has anyone done this on BSD?
 > > > >
 > > > > I can guess. I believe there is an IPoDNS netgraph module floating
 > > > > around that *might* make a good reference.
 > > >
 > > > hmm OMG
 > > > /usr/ports/net/iodine !!
 > >
 > > Perfect...
 > >
 > > With some hacking I can use this as a starting point to make
 > > it run over web..
 >
 > You mean like www/httptunnel? :)
 >
 > Basically all you need is a method of bidirectionally passing data
 > over whatever lower layer you want, then you can run ppp(8) over it.

Or use ssh(1)'s -w option on top of www/httptunnel to
forward a tun(4) interface through the http connection.
It's dead easy.

You can even set up a http tunnel with tools from the base
system only, without needing anything from the ports
collection. Just add this line to your ssh config:

   ProxyCommand /usr/bin/nc -X connect -x $PN:$PP %h %p

where $PN is the proxy name and $PP is the proxy port.
Then use this command to establish an IP tunnel to
$REMOTE_HOST (port 22):

   ssh -w any:any $REMOTE_HOST

Or, if a different port $SSH_PORT is used:

   ssh -w any:any -p $SSH_PORT $REMOTE_HOST

It will allocate one tun(4) device locally and one remote,
which you then can configure with ifconfig(8). Requires
root privileges, of course.

Note, however, that some HTTP proxies are configured to
disallow connections to arbitrary ports, for security
reasons. If that's the case for you, run your sshd server
on port 443 which should always be allowed by proxies
(only possible if you don't already run a HTTPS server
on port 443, of course).

Note that you can have multiple "port" commands in your
sshd_config, i.e. you can run your sshd server on both
the standard port 22 and port 443.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"Python tricks" is a tough one, cuz the language is so clean. E.g.,
C makes an art of confusing pointers with arrays and strings, which
leads to lotsa neat pointer tricks; APL mistakes everything for an
array, leading to neat one-liners; and Perl confuses everything
period, making each line a joyous adventure.
        -- Tim Peters
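
Seen from the proxy operator's side, the port check mentioned in the message does not tell an sshd on port 443 apart from an HTTPS server, but the first bytes the client sends through the tunnel do. The sketch below is an added example, not part of the original message; it assumes a sensor that records each CONNECT request line together with the first client payload bytes, and the function names, host names and sample data are constructed for illustration.

```python
import re

# RFC 4253, section 4.2: an SSH peer opens with "SSH-protoversion-softwareversion".
SSH_IDENT = re.compile(rb"^SSH-(1\.5|1\.99|2\.0)-[\x21-\x7e]+")
CONNECT_RE = re.compile(r"^CONNECT\s+(\S+):(\d+)\s+HTTP/1\.[01]$")


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends inside a CONNECT tunnel."""
    if SSH_IDENT.match(data):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # two version/length bytes, then handshake type 0x01 (ClientHello) at offset 5.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    return "unknown"


def flag_tunnels(samples):
    """Return (host, port, protocol) for CONNECT sessions whose payload is not TLS."""
    findings = []
    for request_line, first_bytes in samples:
        match = CONNECT_RE.match(request_line.strip())
        if not match:
            continue  # not a CONNECT request, nothing tunnelled
        protocol = classify_first_bytes(first_bytes)
        if protocol != "tls":
            findings.append((match.group(1), int(match.group(2)), protocol))
    return findings


# Constructed sample observations: (request line, first client bytes in the tunnel).
SAMPLES = [
    ("CONNECT shell.example.net:443 HTTP/1.1", b"SSH-2.0-OpenSSH_4.5\r\n"),
    ("CONNECT www.example.org:443 HTTP/1.1",
     bytes.fromhex("1603010200010001fc0303")),  # start of a TLS ClientHello
    ("GET http://www.example.com/ HTTP/1.1", b""),
]

if __name__ == "__main__":
    for host, port, protocol in flag_tunnels(SAMPLES):
        print(f"non-TLS CONNECT to {host}:{port} (payload looks like {protocol})")
```
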