Date: Fri, 13 Jan 2017 16:57:12 +0100
From: Polytropon <freebsd@edvax.de>
To: galtsev@kicp.uchicago.edu
Cc: "Damien Fleuriot" <ml@my.gd>, Christoph Kukulies <kuku@kukulies.org>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: tunneling ports
Message-ID: <20170113165712.eb279260.freebsd@edvax.de>
In-Reply-To: <26405.128.135.52.6.1484322336.squirrel@cosmo.uchicago.edu>
References: <C163417C-8640-4D45-A54C-002697B84F79@kukulies.org> <CAE63ME4WAZ5rG-5g4%2BBrJePnKK-shsowhYdfq_kNev%2Bj5DUCwg@mail.gmail.com> <26405.128.135.52.6.1484322336.squirrel@cosmo.uchicago.edu>

On Fri, 13 Jan 2017 09:45:36 -0600 (CST), Valeri Galtsev wrote:
>
> On Fri, January 13, 2017 4:46 am, Damien Fleuriot wrote:
> > On 13 January 2017 at 11:13, Christoph Kukulies <kuku@kukulies.org> wrote:
> >> I don't know if this could be easily achieved, but imagine the situation
> >> that you are in a network and the only ports being allowed for outgoing
> >> traffic into the Internet are ports 80 and 443.
> >
> > Well well... somebody's trying to circumvent their netadmin's
> > firewalls are they not ?
> >
> > It is not my place to question your motives, all I can offer is
> > technical advice along with a warning.
> >
> > If your netadmin has somewhat advanced measures in place such as a
> > transparent SSL proxy, you will get caught.
> > And if I caught you doing that, I'd nuke your account on the spot.
> > Just FYI ;)
>
> I would second that. I had a user on my server who was piercing firewall
> of external place (at his new job) using ssh to my server with port
> forwarding. I couldn't kick him out (sigh), but I disabled his ability to
> forward ports on my server (sysadmins usually will take the side of
> another sysadmin than rogue user). And restricted his account in many
> other respects. You go some place to work at, you accept their rules, all
> comes as a bundle.

A totally valid point of view.

Lacking a "backstory" for the original question, it's possible
as well that the user is in a "web-only" or "mobile first"
network (which doesn't even have to be a _work_ environment)
where everything has to be HTTP(S), because nothing else
exists. This seems to be a common mindset in wireless networks
which are only intended for people with smartphones, because
a normal computer cannot connect to WLAN because it doesn't
have a WLAN cable. Then some kind of lazy and uneducated
"admin person" found a setting in the firewall called
"The Internet" and activated it... ;-)

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...