Mailing List Archive

OFFTOPIC : question about a firewall
Sorry about this but I need a little help to defeat a fairly draconian packet
filter on our network ... and you're all so smart ...

Anyway, I'm on machine A, and all attempted connections between the outside
world and A get dropped. I can ssh/rsh/telnet/anything to Unix machine B, and
run any program I like on it (though not as root), and packets from machineB
can get to the outside world. So I want to route my packets via machineB.

Is there a routing rule / IPFW rule / user mode program that I can use to
selectively reroute my packets so I'd write:

[gowen@machineA]$ reroute machineB:7272 netscape http://www.wikipedia.org

and all the network requests would be transparently proxied to port 7272 on
machineB (where I was running a program that then sent the packets out into
the ether). To be honest, I don't know enough about networking to know if
this is even possible.

I'm root on machineA, but not machineB.

And no, the firewall isn't there to stop me doing this ... it's a "temporary"
stopgap since some of our machines got used in a DDoS attack. Unfortunately,
"temporary" has a tendency to mean "policy will probably be repealed before
heat death of universe".
--
Gareth Owen
"Wikipedia does rock. By the count on the "brilliant prose" page, there
are 14 not-bad articles so far" -- Larry Sanger (12 Jan 2001)
Re: OFFTOPIC : question about a firewall
I don't know a precise answer, but I think you can do something like this with
ssh port forwarding capabilities.

See, for example:
http://www.ssh.com/products/ssh/administrator30/Port_Forwarding.html

And this is apparently a detailed explanation:
http://csociety.ecn.purdue.edu/~sigos/projects/ssh/forwarding/

Don't ask *me* any details. I had something similar to this done *for me* by
someone in the past, but I didn't research it then to understand all the
details.
Re: OFFTOPIC : question about a firewall
Jimmy Wales <jwales@bomis.com> writes:

> I don't know a precise answer, but I think you can do something like this
> with ssh port forwarding capabilities.
>
> See, for example:
> http://www.ssh.com/products/ssh/administrator30/Port_Forwarding.html
>
> And this is apparently a detailed explanation:
> http://csociety.ecn.purdue.edu/~sigos/projects/ssh/forwarding/

Thanks Jimmy, those links were exactly what I needed to get myself mainlining
Usenet again.
--
Gareth Owen
Re: OFFTOPIC : question about a firewall
On Tue, 2002-09-17 at 05:00, Gareth Owen wrote:
> Jimmy Wales <jwales@bomis.com> writes:
>
> > I don't know a precise answer, but I think you can do something like this
> > with ssh port forwarding capabilities.
> >
> > See, for example:
> > http://www.ssh.com/products/ssh/administrator30/Port_Forwarding.html
> >
> > And this is apparently a detailed explanation:
> > http://csociety.ecn.purdue.edu/~sigos/projects/ssh/forwarding/
>
> Thanks Jimmy, those links were exactly what I needed to get myself mainlining
> Usenet again.


I hope you're going to add this knowledge to Wikipedia....