Jim Richardson wrote:
On Fri, Feb 12, 2010 at 2:15 PM, Randy Bush <randy@psg.com> wrote:
i just lost ten minutes debugging what i thought was a server problem which turned out to be a dns trapper on the wireless in the changi sats lounge. this is not the first time i have been caught by this.
what are other roaming folk doing about this?
randy
ssh tunnels to IP address
I sent this directly to Randy, but perhaps there are others who are interested in doing this as well.

For the archives (and my own documentation):

My DNS server doesn't listen on localhost (a prereq), so I'll use submit port instead:

    # on the roaming laptop (hereinafter 'client')
    # -f == run in background
    # steve@host is the submit server
    # -L means map this port "587:" to "remote-host:port"
    # -N means do not execute remote command

    client# ssh -f steve@208.70.104.210 -L 587:208.70.104.210:587 -N

...now I tell my local resolver (or in this case, my MUA) to use localhost instead of the normal remote host.

Note that I generally use the standard ports on my localhost for this mapping. Doing so will not work for things like HTTP etc, as we are focused squarely on accessing resources located on our own equipment...

...SSH tunnelling even works over v6. The colon-separated address isn't handled well within the port-mapping portion of the command, so we'll use names instead:

    pearl# dig aaaa smtp.ibctech.ca

    smtp.ibctech.ca.        3598    IN      AAAA    2607:f118::b6

    ...

    client# ssh -6 -f steve@smtp.ibctech.ca -L 587:smtp.ibctech.ca:587 -N

    server# tcpdump -n -i lo0 port 587

    client# telnet ::1 587
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220 smtp.ibctech.ca ESMTP

    server#
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on lo0, link-type NULL (BSD loopback), capture size 96 bytes
    19:01:20.529444 IP6 2607:f118::b6.59842 > 2607:f118::b6.587: S 4152936854:4152936854(0) win 65535 <mss 1440,nop,wscale 3,sackOK,timestamp 3135691171 0>
    19:01:20.529497 IP6 2607:f118::b6.587 > 2607:f118::b6.59842: S 3425118408:3425118408(0) ack 4152936855 win 65535 <mss 1440,nop,wscale 3,sackOK,timestamp 322067125 3135691171>
    19:01:20.529532 IP6 2607:f118::b6.59842 > 2607:f118::b6.587: . ack 1 win 8211 <nop,nop,timestamp 3135691171 322067125>
    19:01:20.535727 IP6 2607:f118::b6.587 > 2607:f118::b6.59842: P 1:28(27) ack 1 win 8211 <nop,nop,timestamp 322067131 3135691171>
    19:01:20.635335 IP6 2607:f118::b6.59842 > 2607:f118::b6.587: . ack 28 win 8211 <nop,nop,timestamp 3135691277 322067131>

...I love easy workarounds.

I got sick and tired of fscking around a long time ago with troubleshooting blocked/hijacked ports, so I thought I'd bypass the problem by hijacking and re-routing the ports myself. Port tunnelling like this is my default whenever I'm not at home. Even on Windows it's easy...all my apps are portable.

Steve
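
Added example, not part of the posts above: ssh(1) accepts an IPv6 literal inside a -L forward when it is wrapped in square brackets, so the tunnel can stay on IP addresses (as in "ssh tunnels to IP address") and never consult the trapped resolver. The helper names are hypothetical; the addresses are the ones shown in the thread.

```sh
#!/bin/sh
# Added example; is_port, classify, forward_spec and tunnel_cmd are
# hypothetical helper names, not part of OpenSSH.

# is_port N -> success if N is a decimal integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# classify HOST -> prints v6, v4 or name (syntactic check only)
classify() {
    case "$1" in
        ''|*[!0-9a-fA-F:.]*) echo name ;;
        *:*)                 echo v6 ;;
        *[!0-9.]*)           echo name ;;
        *.*.*.*)             echo v4 ;;
        *)                   echo name ;;
    esac
}

# forward_spec LPORT HOST RPORT -> prints the argument for "ssh -L".
# Hostnames are refused: behind a trapped resolver the lookup is the
# untrusted step, so the forward is pinned to an address literal.
forward_spec() {
    is_port "$1" && is_port "$3" || return 2
    case "$(classify "$2")" in
        v6) printf '%s:[%s]:%s\n' "$1" "$2" "$3" ;;   # brackets for IPv6
        v4) printf '%s:%s:%s\n'   "$1" "$2" "$3" ;;
        *)  return 3 ;;
    esac
}

# tunnel_cmd USER HOST LPORT RPORT -> prints the full command line.
# ExitOnForwardFailure makes ssh quit if the local port cannot be
# bound, rather than sitting in the background without the forward.
tunnel_cmd() {
    spec=$(forward_spec "$3" "$2" "$4") || return $?
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -L %s %s@%s\n' \
        "$spec" "$1" "$2"
}

# Print (do not run) the two tunnels from the thread, by address.
tunnel_cmd steve 208.70.104.210 587 587
tunnel_cmd steve 2607:f118::b6 587 587
```

The host key check on first connect is what shows the far end really is your own server, so that prompt still matters on a network that rewrites traffic.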