From: Michael Bretterklieber
To: freebsd-net@freebsd.org
Date: Sun, 08 Sep 2002 09:44:20 +0200
Subject: protocol inspection (tunneling ssh over http proxy)
Message-ID: <3D7AFFD4.6020500@inode.at>

Hi,

Is there any project, or are there any plans, to extend ipfw with a protocol inspection module? I know that this can be very bad for the performance of a firewall, but if you have only a bandwidth of 1MBit this shouldn't be a problem.

We have problems in our company: some users, who do not have direct access to the internet, tunnel ssh over our http-proxy. Extending ssh for tunneling is very easy (see Putty or corkscrew), and it's also not a problem for them to run sshd on another machine on port 443 or 80.

At the moment I have no idea how to prevent the users from tunneling ssh over http.

bye,

--
--------------------------------------
E-mail: Michael.Bretterklieber@jawa.at
----------------------------
JAWA Management Software GmbH
Liebenauer Hauptstr. 200
A-8041 GRAZ
Tel: ++43-(0)316-403274-12
Fax: ++43-(0)316-403274-10
GSM: ++43-(0)676-93 96 698
homepage: http://www.jawa.at
--------- private -----------
E-mail: mbretter@inode.at
homepage: http://www.inode.at/mbretter
--------------------------------------
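
Added example, not part of the original message and not ipfw code: a sketch of the payload check a protocol inspection module could run on the first bytes of a proxy CONNECT tunnel, telling a TLS handshake from an SSH identification string. The function name, the enum and the 512-byte inspection limit are assumptions made for this illustration, and the banner in `main` is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Verdict for the first bytes seen in one direction of a CONNECT tunnel. */
enum tunnel_proto { TP_NEED_MORE, TP_TLS, TP_SSH, TP_OTHER };

#define INSPECT_MAX 512 /* assumption: stop inspecting after this many bytes */

/*
 * TLS starts with a handshake record: type 0x16, version 0x03 0x00..0x04.
 * SSH starts with "SSH-protoversion-softwareversion" (RFC 4253, 4.2); a
 * server may send other text lines first, so every line start is checked.
 */
enum tunnel_proto classify_tunnel(const unsigned char *p, size_t n)
{
    size_t i = 0;

    if (n == 0)
        return TP_NEED_MORE;
    if (p[0] == 0x16) {
        if (n < 3)
            return TP_NEED_MORE;
        return (p[1] == 0x03 && p[2] <= 0x04) ? TP_TLS : TP_OTHER;
    }
    while (i < n && i < INSPECT_MAX) {
        size_t left = n - i;
        size_t cmp = left < 4 ? left : 4;
        const unsigned char *nl;

        if (memcmp(p + i, "SSH-", cmp) == 0) /* full or split prefix */
            return cmp == 4 ? TP_SSH : TP_NEED_MORE;
        nl = memchr(p + i, '\n', left);
        if (nl == NULL)
            break;
        i = (size_t)(nl - p) + 1;
    }
    return n >= INSPECT_MAX ? TP_OTHER : TP_NEED_MORE;
}

int main(void)
{
    /* Constructed sample: banner of an sshd reached through the proxy. */
    static const unsigned char banner[] = "SSH-2.0-OpenSSH_3.4\r\n";
    static const char *names[] = { "need-more", "tls", "ssh", "other" };

    printf("%s\n", names[classify_tunnel(banner, sizeof banner - 1)]);
    return 0;
}
```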