On Thursday 06 August 2009 18:12:09 Alex Pyattaev wrote: > Heh, you'll never belive, but I have had the same idea a few days before > when I was first installing freenet. And in fact, in order to help those > trapped inside a firewall, a more convinient for those trapped solution > could be found - a tunnel. A tunnel is much more flexible in terms of > protocol - it allows to transmit IRc, ICQ, email ,HTTP or whatever else, and > does not require any protocol implementation. > In fact, a primitive tunnel consists of a daemon which listens to a > particular port and sends all packets to some other host inside freenet's > internal encrypted datastream just as a simple file. Outside the firewall > the very same daemon unpacks the datastream and sends packets to IP layer of > the host OS, which routes them appropriately. The only thing that needs to > be done is faking the sender IP so that it matches the tunnel provider's > external IP address. > So, exact transportation process looks like this: > Sender behind firewall: > IPSRC: any > IPDST: banned site's IP > DPORT: tunnel's entrance port > SPORT: any valid port > All intermediate peers transmit the packet inside encrypted datastream, so > they do not care much > Packet when exiting tunnel(sent from the daemon on the exit side): > IPSRC: external IP of the exit > IPDST: unchanged > DPORT: the port the tunnel was configured for > SPORT: the port which tunnel provider's tunnel daemon listens on > When the response packet gets to the tunnel provider's node, it > automatically gets into the tunnel and is transmitted to the firewalled > machine. > The only issue is that the tunnel needs to be configured separately for each > connection, which is not very convinient, but will work for any protocol, > not just HTTP. > PS: for such cases there are some existing tunneling programs, so the banned > site might consider using them. Or, we could use them as a backend - e.g. > SSH. It is cross-platform, fast, and provides good level of security.
IMHO a simple tunnel would be useful.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list [email protected] http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
