ip over ip tunneling

Gregory Nowak greg at romuald.net.eu.org
Wed Aug 11 13:34:12 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

By "setup IP over IP tunneling," I mean exactly that. Specifically,
enable IP: tunneling (CONFIG_NET_IPIP)  in the kernel, either rebuild
and reinstall the kernel, or compile and install the ipip.o module
(depending on your choice), load the ipip module, if it is a module,
and carry out the appropriate steps to configure the tunl0
interface. If this still isn't clear, then I'm sorry, but I can't make
it any clearer than that.

As for your suggestion, it is appreciated, but it falls short of what
I'm looking for. What you were doing, is circumventing a firewall, to
gain access to a remote machine, machine b for our purposes, to a
service running on a non-standard port. What I need goes beyond that,
by allowing me to connect to any host on the internet, making it
appear as if the connection is originating on an IP address on machine
B's network. This IP address would be supplied as part of the tunnel
configuration, the way I understand the setup now. Specifically, the
way I understand things about ip over
ip now, there would be 2 private addresses, one for each end of the
tunnel on each host. The tunnel runs through the regular ethernet
interface (I.E. eth0, or eth1), and encapsulates ipv4 in ipv4. The
machine on the other end, machine b, receives whatever came through
the tunnel from machine a, decapsulates it, and forwards it to the
internet, for which probably iptables would be used.

Greg


On Tue, Aug 10, 2004 at 10:16:44PM -0400, Janina Sajka wrote:
> I'm not sure what you mean by "setup IP over IP tunneling," but I can
> tell you what I do in various circumstances. It's not kernel based as
> much as it is ssh based, and relies on the -L and/or -R switches for
> ssh. For example, where I worked recently, they closed access to the
> internal network so that I could no longer ssh in. I got around that by
> doing:
> 
> while true; do
>     ssh -R 23258:localhost:23 66.92.170.XX
> done
> 
> from the machine  on the inside that I wanted to get to while off
> somewhere around the world. Here's what this command means. Consider the
> outside elements, "ssh 66.92.170.XX." That part is certainly clear, and
> does as you expect. It establishes a connection from the machine where
> the command is issued to the machine at 66.92.170.XX. The wrapper script
> "while true do" just ensures that the link gets re-established should it
> go down for some reason.
> 
> The inner portion says "take the remote port 23258 on localhost and send
> it back here on port 23." In other words, I could, on the machine that
> is 66.92.170.xx, type:
> 
> telnet localhost 23258
> 
> and get a telnet login back to that machine inside the firewall.
> 
> It worked like a charm.
> 
> Other uses for this kind of syntax might include forwarding mail, or
> real audio (or speak freely) ports. Whatever.
> 
> I hope this is clear, at least as clear as mud and that it's somewhat
> helpful.
> 

- -- 
Free domains: http://www.eu.org/ or mail dns-manager at EU.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBGliU7s9z/XlyUyARAmVxAKDLlbyIJznyLzQXn+0CVPPiLNSsPACfcY9R
HrLp1k0NzC17zT8XgBD44sk=
=99gH
-----END PGP SIGNATURE-----
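
The setup Greg describes above (ipip module, one private address per tunnel end, machine B decapsulating and forwarding with iptables), sketched as an added example that is not part of the original post. Every address, the gateway, the interface name eth0 and the device name ipip0 are constructed placeholders; the script only prints the commands unless RUN is set to an empty value.

```shell
#!/bin/sh
# Added example: IPIP tunnel between machine A and machine B.
# All values below are constructed placeholders, not taken from the thread.
A_PUB=192.0.2.10      # machine A, public address (assumed)
B_PUB=198.51.100.20   # machine B, public address (assumed)
A_TUN=10.9.0.1        # private tunnel address on A (assumed)
B_TUN=10.9.0.2        # private tunnel address on B (assumed)
A_GW=192.0.2.1        # A's existing default gateway (assumed)
WAN=eth0              # B's internet-facing interface (assumed)
TUN=ipip0             # tunnel device name (assumed; tunl0 is the module's fallback device)

# Dry run by default: each command is printed. As root, RUN= applies them.
RUN=${RUN-echo}

setup_a() {
    $RUN modprobe ipip
    $RUN ip tunnel add "$TUN" mode ipip local "$A_PUB" remote "$B_PUB" ttl 64
    $RUN ip addr add "$A_TUN" peer "$B_TUN" dev "$TUN"
    $RUN ip link set "$TUN" up
    # Pin the outer (encapsulated) packets to the physical path first,
    # otherwise the new default route would loop them back into the tunnel.
    $RUN ip route add "$B_PUB" via "$A_GW"
    $RUN ip route replace default dev "$TUN"
}

setup_b() {
    $RUN modprobe ipip
    $RUN ip tunnel add "$TUN" mode ipip local "$B_PUB" remote "$A_PUB" ttl 64
    $RUN ip addr add "$B_TUN" peer "$A_TUN" dev "$TUN"
    $RUN ip link set "$TUN" up
    # IPIP carries no authentication or encryption: accept IP protocol 4
    # only from A's public address and drop it from everyone else.
    $RUN iptables -A INPUT -p 4 -s "$A_PUB" -j ACCEPT
    $RUN iptables -A INPUT -p 4 -j DROP
    # Forward decapsulated traffic and rewrite its source to B's address.
    $RUN sysctl -w net.ipv4.ip_forward=1
    $RUN iptables -A FORWARD -i "$TUN" -o "$WAN" -s "$A_TUN" -j ACCEPT
    $RUN iptables -A FORWARD -i "$WAN" -o "$TUN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $RUN iptables -t nat -A POSTROUTING -s "$A_TUN" -o "$WAN" -j MASQUERADE
}

case "${1-}" in
    a) setup_a ;;
    b) setup_b ;;
esac
```

Run it with the argument a on machine A and b on machine B. The inner packets cross the path between the two hosts in clear text, so anything sensitive still needs its own encryption.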



