[YLUG] Tunneling

Roger Leigh rleigh at whinlatter.ukfsn.org
Sat Oct 13 23:43:49 BST 2007


Harry Mills <mail at hjmills.co.uk> writes:

> Roger Leigh wrote:

>> While the firewall is there for a good reason, there are several
>> interesting approaches to getting around it, should you want to
>> try.  One easy solution is to set up IPv6 networking such that you
>> have a globally scoped and routeable IPv6 address.
[...]
>> Have a look at SixXS and AICCU, noc.sixxs.net.  Note the nearest
>> endpoint is in Dublin (iedub01).

> So are you saying they don't block IPv6 traffic so I could have an
> IPv6 address that was open to the web with a bit of configuration?

Yes.  IPv6 is completely separate from IPv4.  You are tunnelling the
IPv6 link over an IPv4 connection which traverses the firewall (you
can initiate it from inside to the tunnel broker on the outside),
thereby bypassing any restrictions on IPv6 routing.  You would be
completely responsible for firewalling and securing your system
however, given that your IPv6 interface would be open to the world.

> If so do you know where I could find a guide and can I set up an
> IPv6 address using the DHCP server or does the DHCP server only
> issue IPv4 addresses? I apologize in advance for my lack of
> knowledge in this area.

DHCP is irrelevant in this case.  That's for automatic setup of IPv4
interfaces (IPv6 support in ISC dhcpd is currently in the works, but
the University DHCP server won't issue you with an IPv6 address).  See
the documentation on the SixXS site, as well as the general Linux IPv6
HOWTO/FAQs.

> Could you get around the sftp etc issues by tunneling the connection
> with something like:
> 	$ ssh abc123@ssh.york.ac.uk -L 1234:ssh.example.com:22
> Then just sftp to localhost port 1234? I don't know if this works but
> ssh tunneling seems to have worked for me for everything else I have
> tried.

Possibly, but not practical for everyday use.  When I push/pull from a
GIT repository, I want to use the real hostnames, which are stored in
your GIT tree when you clone.  GIT does also not allow specification
of a port number, AFAICS, which breaks this completely.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
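
Added example, not part of the original message: the reply above notes that a tunnelled IPv6 interface is open to the world and must be firewalled by its owner, so this shell function prints a default-deny ip6tables-restore ruleset for such an interface. The interface name "sixxs" and the opened port 22 are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example, not from the original post. Prints an ip6tables-restore
# ruleset: drop inbound IPv6 by default, then open only the listed TCP
# ports on the tunnel interface.
# Assumption: the tunnel interface is named "sixxs"; check `ip -6 addr`.

gen_ip6_rules() {
    tun_if="${1:-sixxs}"
    [ "$#" -gt 0 ] && shift

    # Accept only a plain interface name of at most 15 characters.
    case "$tun_if" in
        ''|*[!A-Za-z0-9_.-]*|????????????????*)
            echo "bad interface name: $tun_if" >&2; return 1 ;;
    esac

    # Validate every port before printing anything, so a typo never
    # yields a half-written ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
    done

    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # ICMPv6 errors (types 1-4) and echo request (128): required for
    # path MTU discovery and basic diagnostics.
    for t in 1 2 3 4 128; do
        printf '%s\n' "-A INPUT -p icmpv6 --icmpv6-type $t -j ACCEPT"
    done
    # Neighbour discovery (133-136), on-link only (hop limit 255).
    for t in 133 134 135 136; do
        printf '%s\n' "-A INPUT -p icmpv6 --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    # New inbound connections: only the requested ports, only on the tunnel.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -i $tun_if -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Usage (as root): gen_ip6_rules sixxs 22 | ip6tables-restore --test
```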