Date: Fri, 14 Aug 2020 15:51:10 +0700 From: Olivier <Olivier.Nicole@cs.ait.ac.th> To: freebsd-questions@freebsd.org Subject: Re: OT: Dealing with a hosting company with it's head up it's rear end Message-ID: <wu7k0y1mwzl.fsf@banyan.cs.ait.ac.th> In-Reply-To: <CAGBxaXmu6ufw3hcHc6UBJuS2mS=N9x411sfp97YeqKu7LySLCQ@mail.gmail.com> (message from Aryeh Friedman on Fri, 14 Aug 2020 04:35:50 -0400)
next in thread | previous in thread | raw e-mail | index | archive | help
> Nice in theory! The reality is the marching orders we have from the > client (who refuses to bend on this) is "make it work, I don't care how you > do it, just make it work! ... or I will find new programmers who can make > it work"... Good luck on the client doing that because the system is 100% > custom (including the DB engine due to no existing DB meeting the > regulatory requirements of end-to-end encryption [instead of just encrypted > file system and encrypted fields.. the tables themselves need to be > encrypted]) which we have wrote/maintained over the last 8 years including > the occasional new feature (the new feature that is causing all this fuss > is the client wants to autopop the windows MySQL DB the devices use to > avoid duplicate hand copying of data between two forms and due to licensing > costs we forced to do the testing on the production system thus need the > hosting company to set up suitable near real time backups of the MySQL DB). > > >> You mentioned that piort 25 is open, you could modify some SSH client >> and server to start the connection like and SMTP protocol, launch >> STARTLS then so some SSH inside. If the 1st packed is an EHLO and >> everything after is encrypted, they cannot see what is inside. >> > > We actually use port 25 for SMTP so this is a no-go (part of how the > devices work is they send a email when they have data to upload and then > have to be told remotely to upload it [this is one the scripts we have]) If you are ready to do SSH on port 25 (which should be a big no-no considering the stupidity of the hosting company), you can do implement a full IP over IP inside tunnel, with routing and all you need. You will need another machine at the other end of the tunnel. Like a VPN but using SSH tunnel. I have never done that (I have done IP over IP). That means that at the outside layer of IP, you will be able to have all the ports you want, including port 25. Olivier --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?wu7k0y1mwzl.fsf>