Re: [OT] Problem accessing email behind firewall

2004-02-29 Thread Pete Gregory
Laurent proclaimed:

> Thanks, Gavin! I tried getting to the IP addresses directly, but they must
> have done something because they are also blocked.
>
> I'll see if I could use VNC, but I doubt it will work. If you know Fannie
> Mae, you understand that they are very sensitive to the outside world and
> nothing, absolutely nothing should disrupt their activities. I think that's
> why they are so picky about outside Internet access...
>
> -Laurent.

All is not (yet) lost.  I'm not 100% sure on this since I run linux & OpenBSD @ home - not OS X yet...  They should be very similar.

You can move ssh to a different port from the default 22 (or an additional port too) - either by changing the sshd startup script or editing /etc/ssh/sshd_config.

Then, for example, ssh -p newPort -l myloginname -L 8025:localhost:25 -L 8080:localhost:3128 myTunnelBox etc etc

What this does is as most eloquently described before by Gavin.  You should be able to find one free port (e.g. 21 shouldn't be open to the wide world as ftp isn't secure).  If feeling paranoid, you can set your firewall to ONLY accept incoming on port 21 for ssh if coming from certain 'known valid' ip addresses.  Port 3128 is for web access where you like if you are running a proxy such as 'squid'.  By setting your browser to use a proxy for non-internal webpages (localhost:8080), you effectively 'pull' the web pages from the external server and then send them encrypted through the ssh tunnel to you on the 'inside'.  -C may also improve throughput.

The best ports to pick after 22 are in the available non-privileged range.  There are ways of finding open ports (e.g. nmap) - talk to you offline if you want more help.

A warning about verizon - I was with them for a while but they changed their Terms&Conditions - see 
http://www.verizon.net/policies/vzcom/tos_popup.asp
 3.6 If you subscribe to DSL Service:
...
   E. You may not use the DSL Service to host any type of server personal or commercial in nature

Also when I was using my home dsl to serve, the outgoing bandwidth was poor (128kb/s)... just my (equally OT) 2c.

Cheers,
Pete.






--
G-Books is sponsored by  and...
Small Dog Electronicshttp://www.smalldog.com  | Refurbished Drives |
-- Check our web site for refurbished PowerBooks  |  & CDRWs on Sale!  |
 Support Low End Mac 

G-Books list info:  
 --> AOL users, remove "mailto:";
Send list messages to:  
To unsubscribe, email:  
For digest mode, email: 
Subscription questions: 
Archive: 


---
The Think Different Store
http://www.ThinkDifferentStore.com
---



Re: [OT] Problem accessing email behind firewall

2004-02-28 Thread James Rohde
On 2/28/04, Gavin Tiplady wrote:

>If you have a Unix account on any box outside your firewall that CAN  
>get to the mail server, and to which you can make an ssh connection,  
...  ...
>
>All built into Mac OS X, but if you're not using a Mac inside the  
>firewall, but a Windows box, you can do a similar thing using the  
>freeware tool 'putty'.
>
>Gavin Tiplady

Gavin, thank you for that (I'll have to file it away until I have 
occasion (and am better able to understand all that useful information))!

Jim



Re: [OT] Problem accessing email behind firewall

2004-02-28 Thread Laurent Daudelin
on 28/02/04 04:33, Gavin Tiplady at [EMAIL PROTECTED] wrote:

> Hi Laurent,
> 
>> 
>> ssh: connect to host permanentmailbox.com port 22: Operation timed out
>> 
>> 
> 
> yes that looks like port 22 is blocked.
> 
> So regarding your related post about the URL containing 'mail' - have
> you tried just using the IP address of the web site's host in your
> browser request?
> 
> i.e.
> 
> Name:   netmail.verizon.net
> Address: 206.46.170.9
> 
> (and that seems to redirect to URL based on)
> 
> Name:   sso.verizon.net
> Address: 206.46.186.7
> 
> If this appears to work for the first request but then throws up the
> domain name again when you start to interact with it (as websites tend
> to do) you could place entries in your NetInfo Manager to make the Mac
> use the IP addresses instead - I think that might help?
> 
> With higher desperation levels you could of course always ftp the
> mailbox file from your home computer (left running all the time and
> downloading mail periodically) into your work computer.  They must have
> left port 21 open for a reason :-)

Thanks, Gavin! I tried getting to the IP addresses directly, but they must
have done something because they are also blocked.

I'll see if I could use VNC, but I doubt it will work. If you know Fannie
Mae, you understand that they are very sensitive to the outside world and
nothing, absolutely nothing should disrupt their activities. I think that's
why they are so picky about outside Internet access...

-Laurent.
-- 

Laurent Daudelin   AIM/iChat: LaurentDaudelin
Logiciels Nemesys Software   mailto:[EMAIL PROTECTED]

"Heuristics are bug ridden by definition. If they didn't have bugs, then
they'd be algorithms."



Re: [OT] Problem accessing email behind firewall

2004-02-28 Thread Gavin Tiplady
Two other ideas..

1)  auto forward your mail from home to work (not that private though).
2)  try VNC (they MIGHT not have closed its ports, you never know) to 
connect to your home computer and just operate it by remote control to 
read and reply to the mail IT has received.


Re: [OT] Problem accessing email behind firewall

2004-02-28 Thread Gavin Tiplady
Hi Laurent,

> ssh: connect to host permanentmailbox.com port 22: Operation timed out


yes that looks like port 22 is blocked.

So regarding your related post about the URL containing 'mail' - have 
you tried just using the IP address of the web site's host in your 
browser request?

i.e.

Name:   netmail.verizon.net
Address: 206.46.170.9
(and that seems to redirect to URL based on)

Name:   sso.verizon.net
Address: 206.46.186.7
If this appears to work for the first request but then throws up the 
domain name again when you start to interact with it (as websites tend 
to do) you could place entries in your NetInfo Manager to make the Mac 
use the IP addresses instead - I think that might help?

With higher desperation levels you could of course always ftp the 
mailbox file from your home computer (left running all the time and 
downloading mail periodically) into your work computer.  They must have 
left port 21 open for a reason :-)

GT


Re: [OT] Problem accessing email behind firewall

2004-02-27 Thread Laurent Daudelin
On 27/02/04 17:22, "Gavin Tiplady" <[EMAIL PROTECTED]> wrote:

> mmm... certainly makes it a bit more of a challenge :-)
> 
> Have you tried to make an outgoing ssh connection anyway?  You might be
> pleasantly surprised.
> 
> Try this in Terminal:
> 
> ssh permanentmailbox.com
> 
> That will try to go to my home network here: if you get a login prompt
> - or something showing that it at least got outside the firewall - then
> the method will work.  (Then you could use your home Mac as the
> friendly box, perhaps setting up a freebie dyndns name for it to
> overcome its IP address changing all the time if that were an issue..).
> 
> Anyway I'll keep thinking about it assuming only port 80 and 21 are
> open, but can't promise anything!

Gavin,

Thanks for all the help! That's what I got when trying to do the ssh
permanentmailbox.com:

ssh: connect to host permanentmailbox.com port 22: Operation timed out

Don't know what that means, though...

-Laurent.
-- 

Laurent Daudelin Developer, Multifamily, ESO, Fannie Mae
mailto:[EMAIL PROTECTED]  Washington, DC, USA
 Usual disclaimers apply ***




Re: [OT] Problem accessing email behind firewall

2004-02-27 Thread Gavin Tiplady
mmm... certainly makes it a bit more of a challenge :-)

Have you tried to make an outgoing ssh connection anyway?  You might be  
pleasantly surprised.

Try this in Terminal:

ssh permanentmailbox.com

That will try to go to my home network here: if you get a login prompt  
- or something showing that it at least got outside the firewall - then  
the method will work.  (Then you could use your home Mac as the  
friendly box, perhaps setting up a freebie dyndns name for it to  
overcome its IP address changing all the time if that were an issue..).

Anyway I'll keep thinking about it assuming only port 80 and 21 are  
open, but can't promise anything!

cheers,
GT
On 28/02/2004, at 7:56 AM, Laurent Daudelin wrote:

> Gavin,
>
> Thanks very much for this thorough explanation. I appreciate your time.
>
> However, I don't think it will work because they're also blocking all
> outside ports. Port 80 and the port used for ftp are opened, but I doubt
> they let any outgoing traffic on any other port. We really feel like in a
> prison here...
>
> Any other idea which would work on port 80? Although, now that I think about
> it, port 80 is closed by Verizon, so I wouldn't be able to access my
> PowerMac running OS X at home. I can't access my web site from work because
> my web server at home uses port 8080. Darn!
>
> -Laurent.
> --
> Laurent Daudelin Developer, Multifamily, ESO, Fannie Mae
> mailto:[EMAIL PROTECTED]  Washington, DC, USA
> Usual disclaimers apply ***

> On 27/02/04 15:43, "Gavin Tiplady" <[EMAIL PROTECTED]> wrote:
>
>> Laurent,
>>
>> If you have a Unix account on any box outside your firewall that CAN
>> get to the mail server, and to which you can make an ssh connection,
>> then you could set up a secure tunnel from your Mac to that box, and
>> read your mail as if it was served on your Mac.  Once you have the
>> tunnel running you just configure your mail client to get mail from
>> localhost (127.0.0.1).
>>
>> All traffic running across the tunnel is encrypted which is a bonus.
>>
>> The command to create the secure tunnel for POP mail (done in Terminal)
>> takes the form
>>
>> sudo ssh -L 110::110 -L 25::25  -g -v -l 
>>
>> where
>>
>>  is the IP address or domain name of the external mail server
>>  is that outside box that is going to come to your rescue and
>>  is your username on the unix box 
>>
>> [Pretty sure the command will need to be run via sudo because the ports
>> in question are privileged]
>>
>> e.g. sudo ssh -L 110:mail.myisp.com:110 -L 25:mail.myisp.com:25
>> my.friendly.unix.box.com -g -v -l laurent
>>
>> What that command is saying is to make a tunnel that creates ports 25
>> and 110 locally, and run a connection out via the box
>> "my.friendly.unix.box.com" into ports 25 and 110 of the external mail
>> server "mail.myisp.com".  You can visualize a duplex cable connecting
>> the needed ports on the mail server, via the box b, into your Mac, thus
>> allowing you to send and receive mail using localhost.  Leave your mail
>> account and password details the same as they are now, because of
>> course in reality it is the external mail server that is validating
>> them.
>>
>> Just create the ports you normally use - e.g. 25,110 for POP and 25 and
>> either 143 or 993 for IMAP.
>>
>> You can of course forward any port this way - e.g. port 80 to get to
>> blocked web sites.
>>
>> All built into Mac OS X, but if you're not using a Mac inside the
>> firewall, but a Windows box, you can do a similar thing using the
>> freeware tool 'putty'.
>>
>> Gavin Tiplady
>>
>> Home/Work/Fax (+61) 2-9412-1931
>> Mobile (+61) 412-214-343
>> MSN: [EMAIL PROTECTED]
>> AIM/iChat [EMAIL PROTECTED]
>> Skype: gavintiplady
>>
>> 'Yes,' said Joseph, 'and I was sitting at home looking for Ephesians,
>> and says I to myself, "'Tis nothing but Corinthians and Thessalonians
>> in this danged Testament," when who should come in but Henery
>> there: "Joseph," he said, "the sheep have blasted theirselves -" '
>>
>> On 28/02/2004, at 5:09 AM, Laurent Daudelin wrote:
>>
>>> The security folks here have struck again: I can no longer use mail2web to
>>> read my personal email from behind the firewall. I can not even get my mail
>>> using the Verizon web site, so they're not only blocking some specific sites
>>> (although it could still be possible), but I think they're blocking
>>> something in the TCP/IP request.
>>>
>>> Anybody know a workaround, besides finding another job?
>>>
>>> -Laurent.



Re: [OT] Problem accessing email behind firewall

2004-02-27 Thread Laurent Daudelin
Gavin,

Thanks very much for this thorough explanation. I appreciate your time.

However, I don't think it will work because they're also blocking all
outside ports. Port 80 and the port used for ftp are opened, but I doubt
they let any outgoing traffic on any other port. We really feel like in a
prison here...

Any other idea which would work on port 80? Although, now that I think about
it, port 80 is closed by Verizon, so I wouldn't be able to access my
PowerMac running OS X at home. I can't access my web site from work because
my web server at home uses port 8080. Darn!

-Laurent.
-- 

Laurent Daudelin Developer, Multifamily, ESO, Fannie Mae
mailto:[EMAIL PROTECTED]  Washington, DC, USA
 Usual disclaimers apply ***

On 27/02/04 15:43, "Gavin Tiplady" <[EMAIL PROTECTED]> wrote:

> Laurent,
> 
> If you have a Unix account on any box outside your firewall that CAN
> get to the mail server, and to which you can make an ssh connection,
> then you could set up a secure tunnel from your Mac to that box, and
> read your mail as if it was served on your Mac.  Once you have the
> tunnel running you just configure your mail client to get mail from
> localhost (127.0.0.1).
> 
> All traffic running across the tunnel is encrypted which is a bonus.
> 
> The command to create the secure tunnel for POP mail (done in Terminal)
> takes the form
> 
> sudo ssh -L 110::110 -L 25::25  -g -v -l 
> 
> where
> 
>  is the IP address or domain name of the external mail server
>  is that outside box that is going to come to your rescue and
>  is your username on the unix box 
> 
> [Pretty sure the command will need to be run via sudo because the ports
> in question are privileged]
> 
> e.g. sudo ssh -L 110:mail.myisp.com:110 -L 25:mail.myisp.com:25
> my.friendly.unix.box.com -g -v -l laurent
> 
> What that command is saying is to make a tunnel that creates ports 25
> and 110 locally, and run a connection out via the box
> "my.friendly.unix.box.com" into ports 25 and 110 of the external mail
> server "mail.myisp.com".  You can visualize a duplex cable connecting
> the needed ports on the mail server, via the box b, into your Mac, thus
> allowing you to send and receive mail using localhost.  Leave your mail
> account and password details the same as they are now, because of
> course in reality it is the external mail server that is validating
> them.
> 
> Just create the ports you normally use - e.g. 25,110 for POP and 25 and
> either 143 or 993 for IMAP.
> 
> You can of course forward any port this way - e.g. port 80 to get to
> blocked web sites.
> 
> All built into Mac OS X, but if you're not using a Mac inside the
> firewall, but a Windows box, you can do a similar thing using the
> freeware tool 'putty'.
> 
> Gavin Tiplady
> 
> Home/Work/Fax (+61) 2-9412-1931
> Mobile (+61) 412-214-343
> MSN: [EMAIL PROTECTED]
> AIM/iChat [EMAIL PROTECTED]
> Skype: gavintiplady
> 
> 
> 'Yes,' said Joseph, 'and I was sitting at home looking for Ephesians,
> and says I to myself, "'Tis nothing but Corinthians and Thessalonians
> in this danged Testament," when who should come in but Henery
> there: "Joseph," he said, "the sheep have blasted theirselves -" '
> On 28/02/2004, at 5:09 AM, Laurent Daudelin wrote:
> 
>> The security folks here have struck again: I can no longer use mail2web to
>> read my personal email from behind the firewall. I can not even get my mail
>> using the Verizon web site, so they're not only blocking some specific sites
>> (although it could still be possible), but I think they're blocking
>> something in the TCP/IP request.
>> 
>> Anybody know a workaround, besides finding another job?
>> 
>> -Laurent.




Re: [OT] Problem accessing email behind firewall

2004-02-27 Thread Gavin Tiplady
Laurent,

If you have a Unix account on any box outside your firewall that CAN  
get to the mail server, and to which you can make an ssh connection,  
then you could set up a secure tunnel from your Mac to that box, and  
read your mail as if it was served on your Mac.  Once you have the  
tunnel running you just configure your mail client to get mail from  
localhost (127.0.0.1).

All traffic running across the tunnel is encrypted which is a bonus.

The command to create the secure tunnel for POP mail (done in Terminal)  
takes the form

sudo ssh -L 110::110 -L 25::25  -g -v -l 

where

 is the IP address or domain name of the external mail server
 is that outside box that is going to come to your rescue and
 is your username on the unix box 
[Pretty sure the command will need to be run via sudo because the ports  
in question are privileged]

e.g. sudo ssh -L 110:mail.myisp.com:110 -L 25:mail.myisp.com:25  
my.friendly.unix.box.com -g -v -l laurent

What that command is saying is to make a tunnel that creates ports 25  
and 110 locally, and run a connection out via the box  
"my.friendly.unix.box.com" into ports 25 and 110 of the external mail  
server "mail.myisp.com".  You can visualize a duplex cable connecting  
the needed ports on the mail server, via the box b, into your Mac, thus  
allowing you to send and receive mail using localhost.  Leave your mail  
account and password details the same as they are now, because of  
course in reality it is the external mail server that is validating  
them.

Just create the ports you normally use - e.g. 25,110 for POP and 25 and  
either 143 or 993 for IMAP.

You can of course forward any port this way - e.g. port 80 to get to  
blocked web sites.

All built into Mac OS X, but if you're not using a Mac inside the  
firewall, but a Windows box, you can do a similar thing using the  
freeware tool 'putty'.

Gavin Tiplady

Home/Work/Fax (+61) 2-9412-1931
Mobile (+61) 412-214-343
MSN: [EMAIL PROTECTED]
AIM/iChat [EMAIL PROTECTED]
Skype: gavintiplady

'Yes,' said Joseph, 'and I was sitting at home looking for Ephesians,
and says I to myself, "'Tis nothing but Corinthians and Thessalonians
in this danged Testament," when who should come in but Henery
there: "Joseph," he said, "the sheep have blasted theirselves -" '
On 28/02/2004, at 5:09 AM, Laurent Daudelin wrote:

> The security folks here have struck again: I can no longer use mail2web to
> read my personal email from behind the firewall. I can not even get my mail
> using the Verizon web site, so they're not only blocking some specific sites
> (although it could still be possible), but I think they're blocking
> something in the TCP/IP request.
>
> Anybody know a workaround, besides finding another job?
>
> -Laurent.
> --
> Laurent Daudelin Developer, Multifamily, ESO, Fannie Mae
> mailto:[EMAIL PROTECTED]  Washington, DC, USA
> Usual disclaimers apply ***
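
The forwarding command in the message above, read the way ssh(1) documents `-L` and `-g`, as an added example that is not part of the original thread: a small Python audit of which listeners such a command line opens and who can reach them. `audit_forwards` and the loopback variant of the command (explicit 127.0.0.1 bind, local ports 8110/8025, no `-g`) are constructed for illustration.

```python
import re
import shlex

# ssh(1) options that consume an argument (subset; enough for these commands).
TAKES_ARG = set("bcDEeFIiJLlmOopQRSWw")
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

# Command quoted from the message above.
THREAD_CMD = ("sudo ssh -L 110:mail.myisp.com:110 -L 25:mail.myisp.com:25 "
              "my.friendly.unix.box.com -g -v -l laurent")
# Constructed variant: explicit loopback bind, unprivileged local ports, no -g.
LOOPBACK_CMD = ("ssh -L 127.0.0.1:8110:mail.myisp.com:110 "
                "-L 127.0.0.1:8025:mail.myisp.com:25 "
                "-l laurent my.friendly.unix.box.com")


def audit_forwards(command):
    """Return (jump_host, findings), one finding per -L forward."""
    argv = shlex.split(command)
    argv = argv[argv.index("ssh") + 1:]      # drop sudo and ssh itself
    specs, gateway, host, i = [], False, None, 0
    while i < len(argv):
        tok = argv[i]
        i += 1
        if not tok.startswith("-"):
            if host is not None:             # second bare word starts the remote command
                break
            host = tok                       # ssh keeps parsing options after the host
            continue
        for pos, flag in enumerate(tok[1:], start=1):
            if flag == "g":                  # -g: let remote hosts use the local listeners
                gateway = True
            if flag in TAKES_ARG:
                value = tok[pos + 1:]
                if not value:
                    if i >= len(argv):
                        raise ValueError(f"-{flag} needs an argument")
                    value = argv[i]
                    i += 1
                if flag == "L":
                    specs.append(value)
                elif flag == "o" and value.replace(" ", "").lower() == "gatewayports=yes":
                    gateway = True
                break

    findings = []
    for spec in specs:
        # Split on ':' outside [...] so bracketed IPv6 literals stay whole.
        parts = re.split(r":(?![^\[]*\])", spec)
        if len(parts) == 4:
            listen = parts.pop(0) or "*"     # empty bind address means all interfaces
        elif len(parts) == 3:
            listen = "*" if gateway else "localhost"
        else:
            raise ValueError(f"unsupported -L spec: {spec}")
        port, target, target_port = int(parts[0]), parts[1], int(parts[2])
        exposed = listen not in LOOPBACK
        warnings = []
        if exposed:
            warnings.append("listener reachable from other hosts on the network")
        if exposed and target_port == 25:
            warnings.append("other hosts can submit SMTP through the tunnel")
        if port < 1024:
            warnings.append("local port below 1024: binding it traditionally needs root")
        findings.append({"listen": listen, "port": port, "target": target,
                         "target_port": target_port, "exposed": exposed,
                         "needs_root": port < 1024, "warnings": warnings})
    return host, findings


if __name__ == "__main__":
    for cmd in (THREAD_CMD, LOOPBACK_CMD):
        host, findings = audit_forwards(cmd)
        print(f"via {host}")
        for f in findings:
            print(f"  {f['listen']}:{f['port']} -> {f['target']}:{f['target_port']}",
                  "; ".join(f["warnings"]) or "loopback only")
```

With `-g` the forwarded ports 25 and 110 listen on every interface of the workstation, so the audit flags both; the loopback variant keeps the same destinations but is reachable only from the machine that opened the tunnel.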




Re: [OT] Problem accessing email behind firewall

2004-02-27 Thread Thomas Ethen
you should work at a High School where you are not allowed to type in any
portion of any banned word while accessing the internet. That makes it
pretty entertaining, considering the name of the school is one of those
words.

Tom

on 2/27/04 12:09, Laurent Daudelin at [EMAIL PROTECTED] wrote:

> The security folks here have struck again: I can no longer use mail2web to
> read my personal email from behind the firewall. I can not even get my mail
> using the Verizon web site, so they're not only blocking some specific sites
> (although it could still be possible), but I think they're blocking
> something in the TCP/IP request.
> 
> Anybody know a workaround, besides finding another job?
> 
> -Laurent.



[OT] Problem accessing email behind firewall

2004-02-27 Thread Laurent Daudelin
The security folks here have struck again: I can no longer use mail2web to
read my personal email from behind the firewall. I can not even get my mail
using the Verizon web site, so they're not only blocking some specific sites
(although it could still be possible), but I think they're blocking
something in the TCP/IP request.

Anybody know a workaround, besides finding another job?

-Laurent.
-- 

Laurent Daudelin Developer, Multifamily, ESO, Fannie Mae
mailto:[EMAIL PROTECTED]  Washington, DC, USA
 Usual disclaimers apply ***


