<HTML ><HEAD ><TITLE >Reverse piercing</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.63 "><LINK REL="HOME" TITLE="Firewall Piercing mini-HOWTO" HREF="index.html"><LINK REL="PREVIOUS" TITLE="Routing" HREF="x296.html"><LINK REL="NEXT" TITLE="Final notes" HREF="x381.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Firewall Piercing mini-HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="x296.html" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="x381.html" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="AEN353" >7. Reverse piercing</A ></H1 ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN355" >7.1. Rationale</A ></H2 ><P >Sometimes only one side of the firewall can launch telnet sessions into the other side, but some other means of communication is still possible (typically e-mail). Piercing the firewall is then still possible: use whatever messaging capability is available to trigger a telnet connection from the ``right'' side of the firewall to the other.</P ><P ><B CLASS="COMMAND" >fwprc</B > includes code to trigger such connections from an OpenPGP-authenticated e-mail message; all you need to do is add <B CLASS="COMMAND" >fwprc</B > as a <B CLASS="COMMAND" >procmail</B > filter for messages using the protocol (instructions are included in <B CLASS="COMMAND" >fwprc</B > itself). Note, however, that if you are to launch <B CLASS="COMMAND" >pppd</B > with appropriate privileges, you might need to create your own suid wrapper to become root. Instructions are enclosed in <B CLASS="COMMAND" >fwprc</B >.</P ><P >Also, an authenticated trigger does not remotely mean a secure connection. 
You should really use <B CLASS="COMMAND" >ssh</B > (perhaps over telnet) for secure connections. Even then, beware of what happens between the triggering of a telnet connection and <B CLASS="COMMAND" >ssh</B > taking over that connection. Contributions in that direction are welcome.</P ></DIV ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN368" >7.2. Getting the trigger message</A ></H2 ><P >If you are firewalled, your mail may well be on a central mailserver that doesn't do procmail filtering or allow telnet sessions. No problem! You can run <B CLASS="COMMAND" >fetchmail</B > in daemon mode (or within a cron job) to poll your mailserver and deliver mail to your Linux system, which itself will have been configured to use <B CLASS="COMMAND" >procmail</B > at delivery. Note that if you run <B CLASS="COMMAND" >fetchmail</B > as a background daemon, it will lock out any other fetchmail that you'd like to run only at other times, such as when you open a <B CLASS="COMMAND" >fwprc</B >; of course, you can also run a fetchmail daemon as a fake user. Too frequent a poll won't be nice to either the mailserver or your host. Too infrequent a poll means you'll have to wait before the message gets read and the reverse connection gets established. I use a two-minute poll frequency.</P ></DIV ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN375" >7.3. 
Other automated tools for reverse piercing</A ></H2 ><P >Another way to poll for messages, when you don't have a mailbox, but do have outbound FTP access, is to use <A HREF="http://dhirajbhuyan.hypermart.net/ftp-tunnel.html" TARGET="_top" >FTP tunnel</A >.</P ><P >A tool to maintain a permanent connection between a firewalled host and an external proxy, so as to export services from the host to the world, is <A HREF="http://www.employees.org/~hek2000/projects/firewallTunnel/" TARGET="_top" >firewall tunnel</A >.</P ></DIV ></DIV ></BODY ></HTML >