
Re: exim help needed



On Mon, Oct 30, 2000 at 08:17:21PM -0800, Krzys Majewski wrote:
...
> > Just curious, what tricks do you use to create this port forwarding?
> > And is it created on the fly? 
> 
> I create the pipes in /etc/network/interfaces:
> 
>      up sleep 3 && /etc/init.d/tcp-pipes start && /usr/local/sbin/sync-date
>      down /etc/init.d/tcp-pipes stop

Ah neat, again a different approach.

...
>     SSHARGS="${SSHFLAGS} -l ${USER} -L ${LOCALPORT}:${DEST}:${REMOTEPORT} ${HOST} ${PIPE}l"

what is this ${PIPE}l? some program you run on the other side?
I would have expected something like "sleep forever".

...snipped a lot of code to deal with pids

The problem with your way for me I think is that my ISP is flaky, so
the connections would get broken all too often, and I don't know whether
the up and down scripts would get run, I'm not even sure whether such
breakdowns would go unnoticed by the network layer on my firewall or
automagically repaired. Another problem seems to me that you expect
that at your school the ${PIPE}l magic program runs forever, whereas
even my more reliable second isp is not that reliable:(, moreover
I don't feel comfy with those pipes open all the time (silly I know)

So I did it differently using tcp-wrappers/inetd, like this:

In /etc/services I added lines like "isp-smtp  100025/tcp". Numbers
above 100000 go beyond the specs, but they seem to work here and
no-one else is likely to use them, so no conflicts expected:)

In /etc/inetd.conf I added long-one-liners like:
isp-smtp   stream  tcp  nowait  carel\
    /usr/bin/ssh   /usr/bin/ssh isp bin/nc mail.isp.nl smtp

At my reliable isp I have compiled nc (netcat) and put it in ~/bin/nc.
I'm quite sure that rlogin instead of nc will work too, but I didn't try.
I've set up keys and ~/.ssh/config so that my local user carel can "ssh isp"
and winds up being logged in to my differently named account at my isp
without password hassles.

So whenever someone locally tries to connect to one of those isp-* ports
a secure connection to my isp is created using my local carel's ssh setup
and once he/she is done the connection is closed again.

I think this is reasonably secure, as I allow everybody locally to use news
and mail anyhow and my isp's imap/pop3 service is still password-protected.

-- 
groetjes, carel
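An added example, not code from this thread: a small Python audit script that parses /etc/services and inetd.conf lines of the kind described in the message above and flags the things a reviewer would check before enabling such a forwarder (service name without a port entry, a port above the 16-bit range, a forwarder running as root). The sample config lines are constructed to mirror the mail; the isp-nntp entry and news.isp.nl are assumptions.

```python
"""Audit the inetd + ssh + nc forwarding setup described in the mail.
Added example; the config lines below are constructed, not taken from a real box."""
import re

# Constructed sample input mirroring the mail (isp-* names on out-of-spec ports).
SERVICES = """isp-smtp  100025/tcp
isp-nntp  100119/tcp
"""
INETD_CONF = """isp-smtp   stream  tcp  nowait  carel\\
    /usr/bin/ssh   /usr/bin/ssh isp bin/nc mail.isp.nl smtp
isp-nntp   stream  tcp  nowait  root /usr/bin/ssh /usr/bin/ssh isp bin/nc news.isp.nl nntp
"""

def parse_services(text):
    """Map service name -> (port, proto) from /etc/services style lines."""
    svc = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(\d+)/(\w+)", line.split("#", 1)[0])
        if m:
            svc[m.group(1)] = (int(m.group(2)), m.group(3))
    return svc

def parse_inetd(text):
    """Split inetd.conf into entries, joining backslash-continued lines first."""
    joined = text.replace("\\\n", " ")
    entries = []
    for line in joined.splitlines():
        f = line.split()
        if len(f) >= 6 and not line.startswith("#"):
            entries.append({"service": f[0], "proto": f[2], "wait": f[3],
                            "user": f[4], "server": f[5], "args": f[6:]})
    return entries

def audit(services, entries):
    """Return (service, finding) pairs a reviewer would raise for each entry."""
    findings = []
    for e in entries:
        if e["service"] not in services:
            findings.append((e["service"], "no /etc/services entry"))
            continue
        port, _proto = services[e["service"]]
        if port > 65535:
            # TCP ports are 16 bits; a resolver that truncates would bind port % 65536,
            # which may collide with whatever already uses that real port.
            findings.append((e["service"], "port %d out of range, 16-bit value %d"
                             % (port, port % 65536)))
        if e["user"] == "root":
            findings.append((e["service"], "ssh forwarder runs as root"))
    return findings
```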


