Re: [LARTC] Setting up an ip-tunnel

Linux Advanced Routing and Traffic Control


Patrick,

 : Wouldn't think it to be a problem as it's just a firewall sitting in the
 : way of the private computers of students at our college and they haven't
 : set up any rules of this kind.

This is your call.  There are technical solutions to allow for tunnelling,
but you should be certain that you are not subverting your organization's
security policy.

 : > Here's an example of using GRE tunnels ("ip tunnel"):
 : >
 : >   http://lartc.org/howto/lartc.tunnel.gre.html#AEN333
 :
 : This tutorial assumes that I have control over the routers connecting
 : the different LANs together. Unfortunately I don't think they (the
 : admins hosting the firewall) would honour my request for them to set up
 : an ip-tunnel for me specifically.

If your GRE packets from the two hosts you control can traverse the
firewall, then you can create a tunnel between the two hosts.  If the
firewall prevents you from passing IP protocol 47 (GRE) bidirectionally,
then you'll need to look at other solutions.  You do not need control over
the firewall to use GRE tunnels.

 : As I haven't set up an ip-tunnel before I have no idea if it's even
 : possible to do so if I don't have control over the firewall I'm behind.
 : Is it or am I out of luck? Is it in that case possible in _any_ way for
 : the computer with the public ip to communicate with the one behind the
 : firewall "directly"?

Yes.

 : > Have you thought of using ssh port forwarding?
 :
 : Haven't looked into it so much but as I understand you'll have to
 : control the firewall and set up ssh-forwarding there for it to work, and
 : I haven't got that control.

[ assume:  box S behind firewall, box P in front of firewall ]

The questions you should be asking yourself now are as follows:

  - what types of packets can I send from S to P
  - what types of packets can I send from P to S
  - what types of tunnels can I create with these packets

Quick and dirty summary:

  - IPSec, IP protocols 50, 51, and UDP(7)/500
  - CIPE, UDP(7)/<your-choice-of-port>
  - ssh tunnel, TCP/22, embedded or MUX'd tunnel
  - GRE tunnel, IP protocol 47

Good luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx
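
Added example, not part of the original message: a monitoring-side sketch in Python that recognises the tunnel types from the summary above in raw IPv4 packets, so a firewall or sensor operator can see which of them are crossing the perimeter. The names classify and ipv4 are hypothetical, the sample packets are constructed, and UDP is taken as IP protocol 17.

```python
import struct

# Tunnels carried directly as an IP protocol (GRE, and IPsec ESP/AH).
IP_PROTO_TUNNELS = {47: "GRE", 50: "IPsec ESP", 51: "IPsec AH"}
TCP, UDP = 6, 17  # IANA protocol numbers (assumption noted in the lead-in)


def classify(packet: bytes) -> str:
    """Label an IPv4 packet with the tunnel type it most likely carries."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4           # header length; options move the L4 header
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]
    if proto in IP_PROTO_TUNNELS:
        return IP_PROTO_TUNNELS[proto]
    if proto not in (TCP, UDP):
        return "other"
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return "fragment"                  # ports exist only in the first fragment
    if len(packet) < ihl + 4:
        return "malformed"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if proto == UDP and 500 in (sport, dport):
        return "IPsec IKE"
    if proto == TCP and 22 in (sport, dport):
        return "ssh"
    # CIPE runs on an operator-chosen UDP port, so a port match cannot identify it.
    return "other-udp" if proto == UDP else "other-tcp"


def ipv4(proto: int, l4: bytes = b"", options: bytes = b"", frag: int = 0) -> bytes:
    """Build a constructed IPv4 packet for the samples (checksum left at zero)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(l4), 0,
                      frag, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr + options + l4


if __name__ == "__main__":
    port = lambda n: n.to_bytes(2, "big")
    for pkt in (ipv4(47), ipv4(50), ipv4(UDP, port(500) * 2 + bytes(4)),
                ipv4(TCP, port(40000) + port(22) + bytes(16), options=b"\x01" * 4),
                ipv4(UDP, port(500) * 2, frag=10)):
        print(classify(pkt))
```

An ssh session on a non-standard port, like CIPE, falls into the "other" buckets, so port-based labels are a starting point for review rather than proof that no tunnel exists.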


