From: "Valeri Galtsev"
Reply-To: galtsev@kicp.uchicago.edu
To: "Damien Fleuriot"
Cc: "Christoph Kukulies", "freebsd-questions@freebsd.org"
Date: Fri, 13 Jan 2017 09:45:36 -0600 (CST)
Subject: Re: tunneling ports

On Fri, January 13, 2017 4:46 am, Damien Fleuriot wrote:
> On 13 January 2017 at 11:13, Christoph Kukulies wrote:
>> I don't know if this could be easily achieved, but imagine the situation
>> that you are in a network and the only ports being allowed for outgoing
>> traffic into the Internet are ports 80 and 443.
>
> Well well... somebody's trying to circumvent their netadmin's
> firewalls are they not?
>
> It is not my place to question your motives, all I can offer is
> technical advice along with a warning.
>
> If your netadmin has somewhat advanced measures in place such as a
> transparent SSL proxy, you will get caught.
> And if I caught you doing that, I'd nuke your account on the spot.
> Just FYI ;)

I would second that. I had a user on my server who was piercing the firewall
of an external place (at his new job) using ssh to my server with port
forwarding. I couldn't kick him out (sigh), but I disabled his ability to
forward ports on my server (sysadmins usually will take the side of another
sysadmin rather than a rogue user). And restricted his account in many other
respects.

You go some place to work at, you accept their rules, all comes as a bundle.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++