The easiest way would probably be to do the following:
On the remote linux host, run SSH on port 80 (or possibly use netcat to
forward port 80 to port 22 or look into iptables REDIRECT target).
Then if you want to be able to use telnet (which isn't necessary if you
are running ssh to the box but maybe there is some other need for telnet
like automation of something, "I don't want to know" ;)
Then run ssh on the internal box:
ssh -p 80 -L 2023:localhost:23 <outsideboxip>
Then on the local box you can "telnet localhost 2023" and you will be
magically connected to port 23 on the outside box but over an encrypted
tunnel.
If you don't have OpenSSH on the windows box you can use putty for port
forwarding, I think.
Disclaimer: I hold no responsability for what this technique is being used
for. I like giving solutions, I don't want to know why. :)
For more info "man ssh" or
http://www.oreillynet.com/pub/a/wireless/2001/02/23/wep.html
-Damon-
On Tue, 21 Jun 2005, [iso-8859-1] Bruno Negrão wrote:
Hi Ron,
Thanks for the warning. Actually, we already tried to create a PPTP vpn from
that client to my gateway server, but the remote network administrator
couldn't manage his equipment to let the appropriate packages to pass. (he
doesn't understand GRE no way).
I will inform him we're setting up this new vpn tunnel. I just don't want to
ask him to move, since he doesn't have the skills to make it.
Damon, thanks for the note on the ssh tunnel. Can you point me a document to
look for this kind of configuration?
Regards,
Bruno.
----- Original Message ----- From: "R. DuFresne" <dufresne@xxxxxxxxxxx>
To: "Damon Gray" <dgray@xxxxxxxxxxxx>
Cc: "Bruno Negrão" <vpopmail@xxxxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, June 21, 2005 4:49 PM
Subject: Re: Tunneling other protocols over TCP port 80
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 21 Jun 2005, Damon Gray wrote:
Bad security policies aside.... :)
You could always run the telnet server on port 80. Or run netcat (aka nc)
on
the box on port 80 redirecting to port 23.
He could, if he wanted to really violate the policies in place and tunnel
traffic in the clear. he's actually asking about something that would be
deemed a tad more seucre/private in nature, though still likely a
violation os the security policies currently in place and thus subjecting
himself to likely termination once the tunnel was discovered, let alone
potential prosecution.
Thanks,
Ron DuFresne
On Tue, 21 Jun 2005, [iso-8859-1] Bruno Negrão wrote:
Hi guys,
I need to create a VPN to my linux server from a remote
workstation(windows) inside a private network of another company. The LAN
where the workstation is located is protected by a firewall. This
firewall
only lets pass through outgoing traffic to port 80(http).
I need this workstation to telnet a telnet server inside my private
network. Is it possible to set up a tunnel over port 80 to create a VPN
between the workstation and my gateway, so that the workstation can
telnet
my internal server?
The network administrator where this workstation is located is
inaccessible, so I have to create this workaround.
Thank you,
-------------------------------------------------
Bruno Negrao - Support Analyst
Engepel Teleinformática. 55-31-34812311
Belo Horizonte, MG, Brazil
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCuG9Yst+vzJSwZikRAgeQAJkBQRMIkhqTvT9XAUU5Ri5e+ybzigCgzXEA
AvPSv6yw4Em98204pnSEhWk=
=iaYC
-----END PGP SIGNATURE-----
