Is that in putty? Hm, that's what I was wondering... I guess you want your clients to be able to access more than a single website and I guess you don't want to create tunnels for all of them, don't you? So theoretically you'd have to put 0.0.0.0:80 in the destination box, which is basically every webserver in the world. Still I'd like to hear about your opinion on NAT, and why you think it is unsafe. IMHO tunneling all http through ssh, is total overkill, and will demand quite some processing power for decryption/encryption on the gateway side.
Niko ----- Original Message ----- From: "Danny" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 10, 2004 9:56 PM Subject: Re: [Security Firewall] NAT/SSH Tunneling > In the destination host section, am I supposed to put the website I wish > to connect to or the server I installed sshd on and want to be my > gateway? Thanks! > > On Thu, 2004-06-10 at 17:54, Niko Lange wrote: > > Hm, I don't really get it? How can a hacker break in a NATted network, by > > other means than a whole in > > the firewall or a bug in some client software, anyone said IE ;-) ? Could > > just be something I don't know about, though. Could you explain what you > > mean? > > Tunneling works for me, on mnf 8.2 though, without problems. But I am not > > sure what you are trying to do is possible at all, since I think tunneling, > > requires a defined endpoint where you are trying to tunnel to the whole > > world (like 0.0.0.0:80 ). Not entirely sure though, I have to admit... > > > > Niko > > > > ----- Original Message ----- > > From: "Danny" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Thursday, June 10, 2004 9:41 PM > > Subject: [Security Firewall] NAT/SSH Tunneling > > > > > > > Hey All, > > > I'm doing a science project on securing a network of insecure computers, > > > by placing a single Linux Mandrake 9.2 box between the computers and the > > > internet, and changing as little as possible on the network boxes > > > themselves (no installing firewalls, that kinda stuff). > > > The biggest problem I'm trying to figure out is NAT. Yes it is good to > > > stop the beginner hacker, but as I have learned the hard way, it won't > > > stop a good hacker for very long. I've tried SSH Tunneling, but never > > > got it to work. The machines could SSH into the linux box, but never get > > > a webpage, even with ports 80 and 53 tunneled to all addresses. > > > So is there a better alternative to NAT. or could someone help me get > > > SSH tunneling to work? > > > Thanks! > > > Danny > > > > > > > > > > > > > > > -------------------------------------------------------------------------- -- > > ---- > > > > > > > ____________________________________________________ > > > Want to buy your Pack or Services from MandrakeSoft? > > > Go to http://www.mandrakestore.com > > > Join the Club : http://www.mandrakeclub.com > > > ____________________________________________________ > > > > > > > > > > > ______________________________________________________________________ > > ____________________________________________________ > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://www.mandrakestore.com > > Join the Club : http://www.mandrakeclub.com > > ____________________________________________________ > > > ---------------------------------------------------------------------------- ---- > ____________________________________________________ > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com > Join the Club : http://www.mandrakeclub.com > ____________________________________________________ >
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
