>From: Groth, Daniel <[EMAIL PROTECTED]>
>Hi. I am facing a problem: I need to encrypt the IP traffic IN&OUT of
>several UNIX (not Linux) machines without installing any additional machines.
>Is it possible to hijack the traffic by a daemon which would do the
>encryption stuff? The main reason for this is that my customers don't want
>to open ports on their firewalls except HTTP(S). So I would have to redirect
>the traffic through HTTPS and unfold it on the other side. But I am sceptical
>about the feasibility...

Secure Shell could probably fit your requirements. It doesn't require any
additional hardware, you can put the daemon and client on your existing Unix
machines (you just need to compile it for those platforms - although there
might be pre-compiled binaries lying around somewhere).

With ssh, you can encrypt a telnet-like session between two machines, and
then enable TCP port forwarding to and from those hosts, which tunnels
traffic to and from the ports you specify through the ssh session. In
addition, if you change the default port that ssh listens to, which is port
22, to port 443, then effectively you are tunneling all your traffic through
the port normally reserved for https, which gets by most firewalls. Whether
this is a good thing or not (bypassing the firewall) depends on who you talk
to, but this is a solution that would work.

--
Gene Lee
[EMAIL PROTECTED]
[EMAIL PROTECTED]
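
Added example, not part of the original message: SSH moved to port 443 passes a port-based filter, but it is not TLS, so a firewall or IDS that looks at the first client bytes of a flow can tell the two apart. The sketch below classifies those bytes; the flow tuples, addresses and payloads are constructed sample data, and the function names are hypothetical.

```python
import struct

def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP flow."""
    # SSH (RFC 4253, section 4.2): each peer opens with the identification
    # string "SSH-protoversion-softwareversion" terminated by CR LF.
    if payload.startswith(b"SSH-"):
        line = payload.split(b"\n", 1)[0].rstrip(b"\r")
        parts = line.split(b"-", 2)
        if len(parts) == 3 and parts[1] in (b"2.0", b"1.99", b"1.5"):
            return "ssh"
        return "unknown"
    # TLS: 5-byte record header (content type, version, length), then the
    # handshake message type. A client opens with handshake (0x16) / ClientHello (0x01).
    if len(payload) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        if (ctype == 0x16 and major == 0x03 and minor <= 0x04
                and 0 < length <= 16384 and payload[5] == 0x01):
            return "tls"
    return "unknown"

def flag_non_tls_on_443(flows):
    """Return (src, dst, label) for every flow to port 443 that does not open with TLS."""
    flagged = []
    for src, dst, dport, first_bytes in flows:
        if dport != 443:
            continue
        label = classify_first_bytes(first_bytes)
        if label != "tls":
            flagged.append((src, dst, label))
    return flagged

# Constructed sample data: a truncated ClientHello prefix, an SSH banner,
# and plain HTTP. Addresses are from the documentation ranges.
TLS_HELLO_PREFIX = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.7", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("192.0.2.11", "198.51.100.8", 443, TLS_HELLO_PREFIX),
    ("192.0.2.12", "198.51.100.9", 443, b"GET / HTTP/1.1\r\n"),
    ("192.0.2.13", "198.51.100.7", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    for src, dst, label in flag_non_tls_on_443(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:443 first bytes look like: {label}")
```
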