
Re: List postings as attachments



Lo, on Thursday, August 15, Craig Dickson did write:

> Hall Stevenson wrote:
> 
> > Not possible... Proxy/firewall only allows ports 21, 80, 110, and 443
> > (https ??) and maybe some other(s) that I haven't discovered. Hell, port
> > 110 was blocked for a while so I had to use Mindspring's web-based mail
> > program. It was horrid.

Yes, 443 is https; see /etc/services for a list.

> Which firewall is this? Are you saying the firewall at your office won't
> let you have an _outbound_ ssh connection, or that Mindspring is
> blocking inbound ssh to residential customers? Either way, a complaint
> to the relevant authority is merited.

Blocking outbound ssh connections is fairly common, actually.  Keep in
mind that, in a corporate setting, people are often just as concerned
about internal stuff leaving the network as they are with external
crackers getting into the network.  This concern is usually held up as a
justification for that kind of firewall config.

My previous employer did something like this; I imagine this was their
rationale, although I never asked.  I've worked with other companies
where the above was the official line, though.

Disclaimer: I never said these were *good* reasons; they're just the
reasons people usually cite for blocking outgoing connections.  I find
it pretty ridiculous, myself.  First, if somebody has a web site on a
non-standard port, you can't get to them.  Second, Craig's suggestion
below works very nicely.

> Have you thought of doing something sneaky like configuring your home
> sshd to run on port 21 or 443? That might work if the firewall is merely
> letting traffic on those ports through, rather than proxying.

When I was at my previous company, I just ran sshd on port 443; they
didn't have any sort of proxy on that port.  Originally, I ran it on
port 21, but they slapped a proxy firewall on outgoing FTP connections.

Works beautifully, and as another poster noted, once you've got an ssh
connection established, you can tunnel arbitrary TCP communications
across that connection, so the door's wide open at that point.

Richard
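
Added example, not part of Richard's message or the thread: a sketch of the check that separates a firewall that merely passes a port from one that proxies it, by comparing the first bytes of each flow with the protocol the port is meant to carry. The function names, the `EXPECTED` policy table and the sample flows are constructed for illustration.

```python
import re
import struct

# RFC 4253 sec. 4.2: each side opens with "SSH-protoversion-softwareversion ... CR LF".
SSH_ID = re.compile(rb"SSH-\d+\.\d+-[\x21-\x2c\x2e-\x7e]+")
HTTP_REQ = re.compile(rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")

# Assumed policy: the protocol intended on each port named in the thread.
EXPECTED = {21: "ftp", 80: "http", 110: "pop3", 443: "tls"}


def classify(first_bytes: bytes) -> str:
    """Guess the application protocol from the first bytes one side sent."""
    if SSH_ID.match(first_bytes):
        return "ssh"
    if HTTP_REQ.match(first_bytes):
        return "http"
    if first_bytes.startswith(b"220"):
        return "ftp"   # FTP server greeting, reply code 220
    if first_bytes.startswith(b"+OK"):
        return "pop3"  # POP3 server greeting
    if len(first_bytes) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
        # TLS record header: handshake (22), version 3.x, length <= 2^14,
        # then a ClientHello (1) or ServerHello (2) handshake message.
        if (ctype == 22 and major == 3 and minor <= 4
                and 0 < length <= 16384 and first_bytes[5] in (1, 2)):
            return "tls"
    return "unknown"


def mismatches(flows):
    """Return (dst_port, protocols_seen) for flows that do not match the port's protocol."""
    hits = []
    for dst_port, client_first, server_first in flows:
        seen = {classify(client_first), classify(server_first)} - {"unknown"}
        if seen != {EXPECTED.get(dst_port)}:  # unrecognised content is flagged too
            hits.append((dst_port, sorted(seen)))
    return hits


# Constructed sample flows: (destination port, first client bytes, first server bytes).
SAMPLE_FLOWS = [
    (443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03", b"\x16\x03\x03\x00\x5a\x02\x00\x00\x56\x03\x03"),
    (443, b"SSH-2.0-OpenSSH_9.6\r\n", b"SSH-2.0-OpenSSH_9.6\r\n"),
    (80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n", b"HTTP/1.1 200 OK\r\n"),
    (21, b"", b"220 ftp.example.test ready\r\n"),
    (110, b"", b"+OK POP3 ready\r\n"),
]
```

`mismatches(SAMPLE_FLOWS)` reports only the second flow, where an SSH identification string appears on port 443. A filter that looks at port numbers alone passes all five.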


