Date: Thu, 24 Jul 2003 10:36:41 -0700
From: John-Mark Gurney
To: Diomidis Spinellis
Cc: Luigi Rizzo, freebsd-hackers@freebsd.org
Subject: Re: Network pipes

Diomidis Spinellis wrote this message on Thu, Jul 24, 2003 at 14:04 +0300:
> separate command "netpipe". Netpipe takes as arguments the originating
> host, the socket port, the command to execute, and its arguments.
> Netpipe opens the socket back to the originating host, redirects its I/O
> to the socket, and execs the specified command.

This breaks nat firewalls. It is a very common occurrence to only accept
incoming connections, and only on certain ports. This means any system
of firewall will probably be broken by this. :(

i.e. behind a nat to a public system, the return connection can't be
established. From any system to a nat redirected ssh server, the
incoming connection won't make it to the destination machine.

I think this should just be a utility like Luigi suggested. This will
help "solve" these problems.

--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."