Re: [9fans] plan9port behind corporate firewall with no DNS or port access
On Sat, Jul 25, 2009 at 1:39 PM, Salman Aljammaz wrote:
> Uriel wrote:
>> If your work firewall proxies port 80, then things get trickier, you
>> could mount sources on the home inferno instance, and then export it
>> using mjl's httpd as a read-only http 'tree'.
>
> assuming you've got openssh, one trick i used to do back in school was
> run sshd on port 443.
>
> you can then forward specific ports (-L) or even run socks (-D) on ssh.
>
> salman

on unix:

% cat .ssh/config
Host xxx
    ProtocolKeepAlives 30
    ProxyCommand /path/to/proxytunnel/proxytunnel -p proxyhost:proxyport -P proxyuser:proxypass -d xxx.org
% ssh -D localproxyport -Llocaladdress:localport:sources.cs.bell-labs.com:564 u...@xxx.org

on Plan 9:

% srv -nq tcp!localaddress!localport sources /n/sources

and there you have it. only tested it for non-authenticated connections.

iru

Re: [9fans] plan9port behind corporate firewall with no DNS or port access
On Sat, Jul 25, 2009 at 9:39 AM, Salman Aljammaz wrote:
> Uriel wrote:
>> If your work firewall proxies port 80, then things get trickier, you
>> could mount sources on the home inferno instance, and then export it
>> using mjl's httpd as a read-only http 'tree'.
>
> assuming you've got openssh, one trick i used to do back in school was
> run sshd on port 443.
>
> you can then forward specific ports (-L) or even run socks (-D) on ssh.
>
> salman

If you have even one single port open outgoing, all you need is to get a remote Plan 9/Inferno exporting /net on that port. I did it on port 22 while I was waiting for the import port to be opened.

#on the outside box
aux/listen1 -t 'tcp!*!22' /bin/exportfs

#from the inside
import -A tcp!remote!22 /net

You're using p9p so your mileage may vary... but the basic concept is sound and allows you to completely avoid the firewall, assuming you can actually use a remote /net on p9p. If not, well, you should run a real Plan 9 :)

John

--
"I've tried programming Ruby on Rails, following TechCrunch in my RSS reader, and drinking absinthe. It doesn't work. I'm going back to C, Hunter S. Thompson, and cheap whiskey." -- Ted Dziuba

Re: [9fans] plan9port behind corporate firewall with no DNS or port access
Uriel wrote:
> If your work firewall proxies port 80, then things get trickier, you
> could mount sources on the home inferno instance, and then export it
> using mjl's httpd as a read-only http 'tree'.

assuming you've got openssh, one trick i used to do back in school was run sshd on port 443.

you can then forward specific ports (-L) or even run socks (-D) on ssh.

salman

Re: [9fans] plan9port behind corporate firewall with no DNS or port access
> traceroute can't get to that IP address, so I'm pretty sure the corporate
> firewall is doing its job.

traceroute failure just means that someone is not passing icmp traffic. the only thing you know is icmp traffic won't pass.

here's a dirty trick you can do with plan 9 traceroute:

; ip/traceroute /net/tcp!minooka.coraid.com
trying /net/tcp!12.51.113.6!32767
                round trip times in µs
                   low     avg    high
                --
192.168.0.64       175     243     376
192.168.1.254      320     386     509
65.14.248.28     19621   20117   20711
74.253.143.53    21151   22002   22685
205.152.99.98    21649   22016   22468
65.83.238.74     21693   22098   22641
65.83.238.194    22661   23113   23896
12.122.140.198   23143   23939   24520 cr2.attga.ip.att.net
12.122.140.45   169904  201516  222315 gar19.attga.ip.att.net
12.87.45.86      26855   27417   28069
12.51.113.6      26376   26949   27493

by the way, plan 9 dns query tends to do poorly with rfc2672-style reverse ips. it tends to quit on the cname.

- erik

Re: [9fans] plan9port behind corporate firewall with no DNS or port access
Why not run inferno (or 9vx) on your home machine, export /net on port 80, mount it from work using inferno again, and you are out.

If your work firewall proxies port 80, then things get trickier, you could mount sources on the home inferno instance, and then export it using mjl's httpd as a read-only http 'tree'.

uriel

On Sat, Jul 25, 2009 at 10:12 AM, Steve Simon wrote:
> There are several places which have readonly versions of sources available via
> http, alternatively there is a socks client or even htfilefs, the former uses
> the SOCKS protocol to tunnel through the firewall.
>
> htfilefs mounts a remote ISO image (like the plan9 nightly build iso)
> over an http connection and expands it as a hierarchy.
>
> You could probably write some tunneling software to run on your home
> machine and work machine using http in between, but your corporate IT
> department might not see the funny side of such practices...
>
> -Steve

Re: [9fans] plan9port behind corporate firewall with no DNS or port access
There are several places which have readonly versions of sources available via http, alternatively there is a socks client or even htfilefs, the former uses the SOCKS protocol to tunnel through the firewall.

htfilefs mounts a remote ISO image (like the plan9 nightly build iso) over an http connection and expands it as a hierarchy.

You could probably write some tunneling software to run on your home machine and work machine using http in between, but your corporate IT department might not see the funny side of such practices...

-Steve

Re: [9fans] plan9port behind corporate firewall with no DNS or port access
On Fri, Jul 24, 2009 at 23:35, andrey mirtchovski wrote:
> Just checking: have you tried accessing it by IP address
> (204.178.31.8) rather than hostname? (this, of course, assumes that
> you've ruled out a bad ndb configuration as the reason).

traceroute can't get to that IP address, so I'm pretty sure the corporate firewall is doing its job.

> how about trying with a 9p client such as cl.py from your "normal" machine?

Bleh, its python doesn't have 9P.

I think I'd rather spend my time trying to figure out how to get a sources/contrib dir and mount it on my home Ubuntu machine. Whom do I ask very nicely for that?

Re: [9fans] plan9port behind corporate firewall with no DNS or port access
Just checking: have you tried accessing it by IP address (204.178.31.8) rather than hostname? (this, of course, assumes that you've ruled out a bad ndb configuration as the reason).

how about trying with a 9p client such as cl.py from your "normal" machine?

$ cl.py n...@sources.cs.bell-labs.com
9p> ls
9grid adm contrib dist du extra fastos lsr patch plan9 wiki xen
9p>

On Fri, Jul 24, 2009 at 10:06 PM, Jason Catena wrote:
> At work I sit behind a corporate firewall which neither
> knows sources.cs.bell-labs.com nor would provide me direct access to its
> ports if it did. I can get out through http proxies (eg curl). Is there
> any way to mount sources through this kind of static, or should I resign
> myself to only seeing sources from my home computer?
>
> 9fs sources
> srv: dial tcp!sources.cs.bell-labs.com!9fs: unknown host sources.cs.bell-labs.com
> 9fs: exit 1
>
> Jason Catena