From: Tuc at the Beach House
To: will@unfoldings.net (Willie Viljoen)
Cc: freebsd-net@freebsd.org, Tuc at the Beach House, tuc@ttsg.com
Date: Thu, 5 Feb 2004 14:59:03 -0500 (EST)
Subject: Re: Whats the best solution?
Message-Id: <200402051959.i15Jx3ME013956@vjofn.tucs-beachin-obx-house.com>
In-Reply-To: <004a01c3ea1f$1a34cea0$0a00a8c0@arista> from "Willie Viljoen" at Feb 03, 2004 08:29:39 AM
List-Id: Networking and TCP/IP with FreeBSD

>
> SSH :-)
>
Um, yea?

>
> Have a look at the ssh(1) manpage.
>
Ok, I have.

>
> The port forwarding should be able to do
> what you are looking for.
>
But I want EVERY port forwarded. The -L/-R seems to be on a per port basis.

>
> Also, to get the authentication to be automatic,
> set up your SSH to use public keys, and use a passphraseless public key on
> your laptop. This will let it automatically log in and set up the tunnel.
> You can then tunnel any TCP traffic through a secure channel to your server.
> This is all described in the man page.
>
But on a per port basis, right? The -D, isn't that for SOCKS4? Wouldn't I have to make everything SOCKS4 aware? I don't want that...

>
> For DNS, use the IP address of the server you plan to use for the other end
> of the tunnel. As long as you open only UDP port 53 and configure it
> sensibly, there should be no security risk to running a DNS that accepts
> from any IP, all proper DNS servers need to do this anyway. This way, you
> can run your own DNS, and possibly even put in some private DNS tricks to
> make working with the tunnel easier.
>
What about all the other ports? Is there something that is more "overall" and I can "default route" through?

Thanks, Tuc/TTSG Internet Services, Inc.
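
The per-port forwarding and the passphraseless key discussed in this message, written out as an added example that is not part of the original post or thread: each forward needs its own LocalForward line, and an unattended key is best limited on the server to exactly those destinations. The host names, ports, key path and key material are constructed placeholders.

```shell
#!/bin/sh
# Added example. Host names, ports and key material are constructed placeholders.

# Client side: emit an ssh_config Host block with one LocalForward line per
# "localport:desthost:destport" spec. Each -L/LocalForward names exactly one port.
tunnel_client_config() {
    name=$1; server=$2; keyfile=$3; shift 3
    printf 'Host %s\n' "$name"
    printf '    HostName %s\n' "$server"
    printf '    IdentityFile %s\n' "$keyfile"
    printf '    IdentitiesOnly yes\n'
    printf '    BatchMode yes\n'               # never prompt; fail instead
    printf '    ExitOnForwardFailure yes\n'   # refuse to run with a partial tunnel
    for spec in "$@"; do
        # Bind the listener to loopback so other hosts cannot use the tunnel.
        printf '    LocalForward 127.0.0.1:%s %s\n' "${spec%%:*}" "${spec#*:}"
    done
}

# Server side: emit the authorized_keys line for the passphraseless key.
# The key gets no terminal, agent or X11 forwarding, and may open only the
# destinations listed in the specs (permitopen takes host:port).
tunnel_authorized_key() {
    pubkey=$1; shift
    opts='no-pty,no-agent-forwarding,no-X11-forwarding'
    for spec in "$@"; do
        opts="$opts,permitopen=\"${spec#*:}\""
    done
    printf '%s %s\n' "$opts" "$pubkey"
}

# Constructed sample run: two mail ports behind a hypothetical server.
set -- 8025:mail.example.net:25 8110:mail.example.net:110
tunnel_client_config beach server.example.net '~/.ssh/tunnel_key' "$@"
tunnel_authorized_key 'ssh-ed25519 AAAA...constructed... tunnel@laptop' "$@"
```

With the generated Host block in ~/.ssh/config, `ssh -N beach` brings up the forwards without running a remote command.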