rejetto forum

Help - behind corporate LAN and firewall.

Fergus · 5 · 2504


Fergus
Hi, I am behind a corporate LAN and firewall. I have local admin permission on my own PC only - I cannot configure the LAN or corporate firewall in any way. HFS works internally (on the LAN) but people on the outside cannot see the server. Considering my restrictions I assume I'm pretty much screwed - but I'd love to be corrected!


bacter
If the admins of your corporate network are not like microshit - win - engineers and don't leave as many holes open as a Swiss cheese has, you have no chance to make hfs visible from outside. And even if you find such a hole and get an open port to use, they will quickly see your network traffic and it's over.

In many corporate networks, university networks and networks of public administrations you have no chance to access hfs or any other server software from outside.
« Last Edit: February 06, 2008, 03:14:27 AM by bacter »
your computer has no brain - use your own !



rejetto
There's a chance to rely on an external computer that will tunnel all the traffic for you over a VPN.
I know there are such services out there, because I used one years ago. The service was run by a friend of mine, and it's no more.


Gauge
Hello,

This can be done, and in such a way that your network admins will have a tough time determining what you're doing... but it's quite complicated to set up and will most likely get you fired if you're discovered. It also relies on an external machine on the internet which you're in control of.

Corporate firewalls normally allow secure web browsing on port 443 (HTTPS), so what you need to do is tunnel out of your network on this port by creating an encrypted SSH connection to your remote machine on the internet.  Then, by reverse tunnelling this connection, people can connect to your remote computer which will forward the connections over the tunnel to your work machine where HFS is running.  Because the tunnel is encrypted, your network admins won't be able to tell what it is that's running over this connection, but the persistent nature of the "HTTPS" connection from your work machine to the same address may eventually arouse suspicion.  It can be done successfully using PuTTY and OpenSSH.

Good starting point article if you're interested:  http://www.marksanborn.net/howto/bypass-firewall-and-nat-with-reverse-ssh-tunnel/

This technique is one of your network administrator's worst nightmares since it can effectively expose your entire corporate network to the internet.  Use with extreme caution and be very aware of all the security you're bypassing by doing this.

Gauge

« Last Edit: May 16, 2008, 02:58:09 PM by Gauge »
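
Added example, not part of the original posts: a defender-side check for the pattern Gauge describes, flagging outbound port 443 sessions that stay open far longer than normal browsing and, going beyond the post, sessions whose first bytes are an SSH identification string (RFC 4253) instead of a TLS handshake record. The flow records, their field layout and the four-hour threshold are constructed assumptions, not output from any real firewall or proxy.

```python
# Constructed flow records (assumed layout):
# (src_ip, dst_ip, dst_port, duration_seconds, first_payload_bytes)
SAMPLE_FLOWS = [
    ("10.0.5.21", "203.0.113.10", 443, 42, b"\x16\x03\x01\x02\x00\x01"),
    ("10.0.5.21", "203.0.113.10", 443, 30, b"\x16\x03\x01\x02\x00\x01"),
    ("10.0.7.88", "198.51.100.7", 443, 29000, b"SSH-2.0-OpenSSH_4.7\r\n"),
    ("10.0.9.14", "192.0.2.55", 443, 31000, b"\x16\x03\x03\x00\xa5\x01"),
    ("10.0.9.14", "192.0.2.80", 80, 40000, b"GET / HTTP/1.1\r\n"),
]

LONG_LIVED_SECONDS = 4 * 3600  # assumed threshold; tune to local browsing norms


def classify_payload(first_bytes):
    """Identify the protocol from the first bytes the client sent."""
    # SSH peers exchange a cleartext "SSH-<version>-..." line before encrypting.
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    # A TLS handshake record starts with type 0x16 and major version 0x03.
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"
    return "other"


def review_flows(flows, threshold=LONG_LIVED_SECONDS):
    """Return (src, dst, reasons) for each outbound 443 flow worth a look."""
    findings = []
    for src, dst, port, duration, first_bytes in flows:
        if port != 443:
            continue
        reasons = []
        proto = classify_payload(first_bytes)
        if proto != "tls":
            reasons.append(f"non-TLS payload on 443 ({proto})")
        if duration >= threshold:
            reasons.append(f"session open {duration}s")
        if reasons:
            findings.append((src, dst, reasons))
    return findings


if __name__ == "__main__":
    for src, dst, reasons in review_flows(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:443  " + "; ".join(reasons))
```

A long session duration alone is only a lead for review, since some legitimate HTTPS applications also hold connections open for hours.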