On Wed, Feb 11, 2009 at 3:57 PM, Diana Eichert <deich...@wrench.com> wrote:
> On Wed, 11 Feb 2009, Tony Berth wrote: > > >>> I just realised that my graph wasn't readable so I'll try here to >> re-draw >> it: >> >> ------------- >> client [a1] >> ------------- >> | >> | >> ------------- >> Firewall >> Proxy:port >> [a2] >> ------------ >> | >> | >> (internet) >> | >> | >> ----------------- >> remote server >> with static IP >> [a3] >> ---------------- >> >> Hope that this one will help to draw some attention from the list. >> >> Thanks >> >> Tony >> >> >> ------------------------------------------------------------------------------------------- >> >> Hi Diana, >> >> The 'a2' is rather a logical entity. Actually there are 2 machines. One >> blocking all direct traffic to the Internet and the other is a proxy which >> address is included in the 'a1's' browser in order to be able to access >> the >> Internet! >> >> Hope I did answer your question! >> >> Thanks Tony >> > > Tony > > First, I put on my corporate network security hat on. If you're trying to > get around corporate policies you're setting yourself up for other problem > if they catch you. We find you doing this where I work and ... . > > Second my helpful reply. :-) > > Ok, so you don't know the specifics of the proxy. The reason I ask is if > it's a MITM proxy, ala Bluecoat, the proxy actually looks at the session > contents. If the packets don't look like proper allowed traffic it gets > blocked. > > If it's a dumb proxy you might be able to get through using something like > httptunnel. Stating "access the Internet" doesn't explain what kind of > traffic is allowed, however my assumption ( I hate to assume ) is they > only want to allow http / https traffic, with perhaps ftp traffic too. > > diana > Hi Diana, this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443! What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'! If I read correctly, in case I would have used putty on 'a1' I should do the following: http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls I was wondering if ssh flag '-L' is doing the same job. By 'httptunnel' you mean the following: http://www.jumperz.net/index.php?i=2&a=0&b=0 Thanks Tony