By "setup IP over IP tunneling," I mean exactly that. Specifically, enable IP: tunneling (CONFIG_NET_IPIP) in the kernel, either rebuild and reinstall the kernel, or compile and install the ipip.o module (depending on your choice), load the ipip module, if it is a module, and carry out the appropriate steps to configure the tunl0 interface. If this still isn't clear, then I'm sorry, but I can't make it any clearer than that.

As for your suggestion, it is appreciated, but it falls short of what I'm looking for. What you were doing is circumventing a firewall, to gain access to a remote machine, machine b for our purposes, to a service running on a non-standard port. What I need goes beyond that, by allowing me to connect to any host on the internet, making it appear as if the connection is originating on an IP address on machine B's network. This IP address would be supplied as part of the tunnel configuration, the way I understand the setup now.

Specifically, the way I understand things about ip over ip now, there would be 2 private addresses, one for each end of the tunnel on each host. The tunnel runs through the regular ethernet interface (i.e. eth0, or eth1), and encapsulates ipv4 in ipv4. The machine on the other end, machine b, receives whatever came through the tunnel from machine a, decapsulates it, and forwards it to the internet, for which probably iptables would be used.

Greg

On Tue, Aug 10, 2004 at 10:16:44PM -0400, Janina Sajka wrote:
> I'm not sure what you mean by "setup IP over IP tunneling," but I can
> tell you what I do in various circumstances. It's not kernel based as
> much as it is ssh based, and relies on the -L and/or -R switches for
> ssh. For example, where I worked recently, they closed access to the
> internal network so that I could no longer ssh in. I got around that by
> doing:
>
> while true; do
>     ssh -R 23258:localhost:23 66.92.170.XX
> done
>
> from the machine on the inside that I wanted to get to while off
> somewhere around the world. Here's what this command means. Consider the
> outside elements, "ssh 66.92.170.XX." That part is certainly clear, and
> does as you expect. It establishes a connection from the machine where
> the command is issued to the machine at 66.92.170.XX. The wrapper script
> "while true do" just ensures that the link gets re-established should it
> go down for some reason.
>
> The inner portion says "take the remote port 23258 on localhost and send
> it back here on port 23." In other words, I could, on the machine that
> is 66.92.170.xx, type:
>
> telnet localhost 23258
>
> and get a telnet login back to that machine inside the firewall.
>
> It worked like a charm.
>
> Other uses for this kind of syntax might include forwarding mail, or
> real audio (or speak freely) ports. Whatever.
>
> I hope this is clear, at least as clear as mud and that it's somewhat
> helpful.
>

-- 
Free domains: http://www.eu.org/ or mail dns-manager at EU.org
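
Added example, not part of the original message or the quoted reply: one way to configure the tunnel layout described above with iproute2 and iptables, printing the commands by default (DRY_RUN=1). Every address, the gateway, the device name tunl1 and the use of eth0 on both hosts are constructed placeholders and assumptions, not values from the thread.

```shell
#!/bin/sh
# IPIP tunnel between machine A (client) and machine B (exit point).
# All addresses below are constructed placeholders.
A_PUB=192.0.2.10       # machine A's real address on eth0
A_GW=192.0.2.1         # machine A's existing default gateway
B_PUB=198.51.100.20    # machine B's real address on eth0
EXIT_IP=198.51.100.21  # address on B's network the traffic should come from
A_TUN=10.99.0.1        # private tunnel address on A
B_TUN=10.99.0.2        # private tunnel address on B
DEV=tunl1              # assumed tunnel device name
DRY_RUN=${DRY_RUN:-1}  # 1 = print the commands, 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Common to both ends: load the module, create and address the tunnel.
# $1 local public, $2 remote public, $3 local tunnel addr, $4 peer tunnel addr
tunnel_up() {
    run modprobe ipip
    run ip tunnel add "$DEV" mode ipip local "$1" remote "$2" ttl 64
    run ip addr add "$3" peer "$4" dev "$DEV"
    run ip link set "$DEV" up
}

setup_a() {
    tunnel_up "$A_PUB" "$B_PUB" "$A_TUN" "$B_TUN"
    # Pin the route to B's public address first; otherwise the encapsulated
    # packets would follow the new default route back into the tunnel.
    run ip route add "$B_PUB" via "$A_GW" dev eth0
    run ip route replace default via "$B_TUN" dev "$DEV"
}

setup_b() {
    tunnel_up "$B_PUB" "$A_PUB" "$B_TUN" "$A_TUN"
    run sysctl -w net.ipv4.ip_forward=1
    # Rewrite A's private source address to EXIT_IP, which must be assigned
    # or routed to machine B so that replies come back to it.
    run iptables -t nat -A POSTROUTING -s "$A_TUN" -o eth0 -j SNAT --to-source "$EXIT_IP"
}

case "${1:-}" in
    a) setup_a ;;
    b) setup_b ;;
esac
```

Run it with the argument a on machine A or b on machine B to see the command list for that end.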