[YLUG] Tunneling

Roger Leigh rleigh at whinlatter.ukfsn.org
Fri Oct 12 21:05:01 BST 2007


"Paul Elliott" <omahns.home at gmail.com> writes:

> Hi Harry,
>
> On 11/10/2007, Harry Mills <mail at hjmills.co.uk> wrote:
>
>     Does this mean that if my PC has a 144.32 IP address then it will be
>     available on the net etc if I run a web server etc or does the
>     university have a firewall stopping all traffic to any IPs in the range
>     that shouldn't be public?
>
> All the traffic is firewalled from external access except where
> permitted, so no, you will not be able to access your machine from
> the net.

If there's a good reason for running services accessible to the
general public, is it possible to ask the Computing Service for
permission to allow it through the firewall?

While the firewall is there for a good reason, there are several
interesting approaches to getting around it, should you want to try.
One easy solution is to set up IPv6 networking such that you have a
globally scoped and routeable IPv6 address.  Then, you can put all the
public-facing stuff on your IPv6 interface and it goes straight
through the firewall through six-in-tunnel (SIT) TCP socket connection
to the tunnel endpoint.  You can even additionally set up a VPN to
somewhere off campus and then tunnel IPv6 over that if the firewall
blocks the IPv6 tunnel port (I can verify this works--but I haven't
tried it at the University, only at home).

Have a look at SiXXS and AICCU, noc.sixxs.net.  Note the nearest
endpoint is in Dublin (iedub01).

One annoying feature of the firewall is how it blocks direct encrypted
secure shell connections, yet allows insecure plaintext FTP!  SSH
access to Biology systems would be quite useful for me.  Although I
don't have access currently, indirect access via ssh.york.ac.uk breaks
scp, sftp and SVN and GIT over SSH.  All of these would be pretty
useful, given all my work is stored in GIT repositories!


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://mailman.lug.org.uk/pipermail/york/attachments/20071012/6b5b8490/attachment.bin


More information about the York mailing list