On Thu, 16 Jun 2005 05:57:29 GMT, Tauno Voipio
<(E-Mail Removed)> wrote:
>dmorgan1 wrote:
>> Can a machine use a host on the opposite side of an ipip tunnel as its
>> gateway to the internet?
>>
>> I have 2 LANs, a gateway in each, and an ipip tunnel between the
>> gateways. A host in either LAN designates its local tunnel endpoint as
>> its default gateway. Now any host in LAN A can interact transparently
>> with any in LAN B and vice versa.
>>
>> I can't quite figure it out, but I want the hosts in LAN A to be able
>> to use the gateway in LAN B as their main gateway to the internet
>> (because gateway B's internet access isn't restricted). Those hosts
>> can reach LAN B just fine through the tunnel. And LAN B can reach the
>> internet. But I can't simply have a LAN A host designate the LAN B
>> gateway for its default gw. The LAN A host already uses and depends
>> on using the LAN A gateway for its default. Traffic from LAN A, when
>> it hits the LAN A gateway, gets stuffed into the tunnel only if it's
>> addressed to LAN B's subnet. If it's going somewhere else, it never
>> gets into the tunnel, but goes out through LAN A gateway's internet
>> interface where it soon hits a firewall. It all depends on what the IP
>> destination addresses are.
>>
>> Is there some tricky routing approach I could implement on LAN A
>> gateway that would push LAN A hosts' packets headed
>> "everywhere-outside-the-2-LANs" into the tunnel so LAN B gateway would
>> get to handle them? I control both gateways.
>
>Attempting to get around a company firewall?
>
>If the firewall administrator can do his job, the tunneled
>packets will be restricted so that you'll have no
>advantage in using the other end of the tunnel. An
>IPIP tunneled packet is easy for the firewall to
>analyze.
>
>In principle, there is nothing else to prevent
>this kind of kludge.
The firewall I'm attempting to get around belongs to a school where I
will teach a computer networking class next fall. The unfirewalled LAN
B is at my home.
The disadvantages of being firewalled in a networking class can tend
to defeat its purpose sometimes. I want to ask the school's network
admins to help, but am trying to do my homework first so that I ask
for what will work.
My objective is to enable the class to be unhobbled, while the school
network remains protected. My thought was to ask them to open a
tunnel, perhaps tied to my static IP at home and my machine's MAC
address at school. But I only want to ask them for something if I'm
confident in advance it will work.
As for your technical comments, it seems if the tunnel were an
encrypted one instead of cleartext ipip, their firewall wouldn't flag
the content. And, if in principle there's nothing else to prevent--
any recommendations on my original routing uncertainty would be
useful.
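On Tauno's point that a cleartext IPIP packet is easy for a firewall to analyze: the following is an added example, not code from the thread, showing what a filter at the school's border sees. It builds a constructed IPIP packet (IP protocol 4, what `ip tunnel mode ipip` emits) carrying a LAN A host's packet to an outside host, then evaluates the same egress policy twice, once looking only at the outer header and once after decapsulating. All addresses are assumptions: 10.0.1.0/24 is LAN A, 10.0.2.0/24 is LAN B, 198.51.100.1 and 203.0.113.5 are the two tunnel endpoints, and 203.0.113.10 is an internet host that LAN A is not supposed to reach directly.

```python
"""A firewall's view of a cleartext IPIP (IP protocol 4) packet.

Added example, not from the thread.  Addresses are constructed: 10.0.1.0/24 is LAN A,
10.0.2.0/24 is LAN B, 198.51.100.1 / 203.0.113.5 are the two tunnel endpoints and
203.0.113.10 is a host on the internet that LAN A is not supposed to reach directly."""
import struct
from ipaddress import IPv4Address, IPv4Network, ip_address

IPPROTO_IPIP = 4   # IANA "IP-in-IP encapsulation"; what `ip tunnel mode ipip` emits
IPPROTO_TCP = 6


def _checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the header (checksum field zeroed on build)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); raise ValueError on anything malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("bad length fields")
    if _checksum(pkt[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return (str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20])), pkt[9], pkt[ihl:total_len])


def effective_destination(pkt: bytes, max_depth: int = 4):
    """Peel cleartext IPIP layers and return the innermost (src, dst, proto).
    max_depth bounds nesting so a crafted packet cannot keep us decapsulating."""
    src, dst, proto, payload = parse_ipv4(pkt)
    depth = 0
    while proto == IPPROTO_IPIP and depth < max_depth:
        src, dst, proto, payload = parse_ipv4(payload)
        depth += 1
    return src, dst, proto


# Egress policy the school applies to LAN A: LAN B, plus the tunnel peer it agreed to open.
ALLOWED_EGRESS = [IPv4Network("10.0.2.0/24"), IPv4Network("203.0.113.5/32")]


def verdict(pkt: bytes, decapsulate: bool) -> str:
    """Filter on the outer header only (decapsulate=False) or on the innermost header."""
    dst = effective_destination(pkt)[1] if decapsulate else parse_ipv4(pkt)[1]
    return "ACCEPT" if any(ip_address(dst) in n for n in ALLOWED_EGRESS) else "DROP"


TCP_STUB = b"\x00" * 20   # constructed placeholder for a TCP header
PLAIN = build_ipv4("10.0.1.5", "203.0.113.10", IPPROTO_TCP, TCP_STUB)             # direct attempt
TUNNELED_OUTSIDE = build_ipv4("198.51.100.1", "203.0.113.5", IPPROTO_IPIP, PLAIN)  # same, via tunnel
TUNNELED_LAN_B = build_ipv4("198.51.100.1", "203.0.113.5", IPPROTO_IPIP,
                            build_ipv4("10.0.1.5", "10.0.2.7", IPPROTO_TCP, TCP_STUB))

if __name__ == "__main__":
    for name, pkt in [("plain", PLAIN), ("ipip->internet", TUNNELED_OUTSIDE), ("ipip->LAN B", TUNNELED_LAN_B)]:
        print(f"{name:15} outer-only={verdict(pkt, False):6} decapsulating={verdict(pkt, True)}")
```

A filter that matches only on the outer header accepts the encapsulated packet to the internet host because its outer destination is the agreed tunnel peer; one that decapsulates sees 203.0.113.10 in the inner header and drops it, which is the restriction Tauno describes. With an encrypted tunnel (for example IPsec ESP, IP protocol 50) the inner header is not parseable, so the filter can decide only on the endpoints, and whatever leaves through the far end is then governed by the far end's policy rather than the school's.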
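On the routing question itself (pushing LAN A hosts' "everywhere-outside-the-2-LANs" traffic into the tunnel so the LAN B gateway handles it): what the question describes is destination-based routing, and the usual answer on a Linux gateway is policy routing, selecting the routing table by where a packet came from rather than where it is going. The following is an added example, not from the thread, that models the rule walk of a Linux gateway, shows the configuration for both ends as iproute2 commands, and also shows why a plain default route into the tunnel would loop. All names are assumptions: 10.0.1.0/24 is LAN A on eth1 of GW A, 10.0.2.0/24 is LAN B, eth0 is GW A's school uplink with address 198.51.100.1 and router 198.51.100.254, 203.0.113.5 is GW B's static address at home, and ipip0 is the tunnel interface on both ends.

```python
"""Policy routing for the LAN A gateway: traffic from LAN A hosts to anywhere outside the
two LANs enters the IPIP tunnel, while the gateway's own encapsulated packets still leave
through the school uplink.  Added example, not from the thread; all addresses and interface
names are assumptions (see the lead-in)."""
from ipaddress import ip_address, ip_network

DEFAULT = ip_network("0.0.0.0/0")
GW_A_ADDR, GW_B_ADDR, SCHOOL_ROUTER = "198.51.100.1", "203.0.113.5", "198.51.100.254"

# A route is (prefix, device, next hop or None); a table is a list of routes.
GW_A_TABLES = {
    "main": [
        (ip_network("10.0.1.0/24"), "eth1", None),       # LAN A, directly attached
        (ip_network("10.0.2.0/24"), "ipip0", None),      # LAN B through the tunnel
        (ip_network("198.51.100.0/24"), "eth0", None),   # uplink segment
        (DEFAULT, "eth0", SCHOOL_ROUTER),                # gateway's own traffic, including
    ],                                                   # the encapsulated packets to GW B
    "100": [
        (ip_network("10.0.1.0/24"), "eth1", None),
        (ip_network("10.0.2.0/24"), "ipip0", None),
        (DEFAULT, "ipip0", None),                        # everything else -> GW B
    ],
}
# Rules are walked by ascending priority; a table miss falls through to the next rule.
GW_A_RULES = [
    {"prio": 100, "iif": "eth1", "table": "100"},   # packets arriving from LAN A
    {"prio": 32766, "table": "main"},               # everything else
]
# The naive alternative: a plain default route into the tunnel in the main table.  It also
# swallows the gateway's own encapsulated packets addressed to GW B, so they loop.
NAIVE_TABLES = {"main": GW_A_TABLES["main"][:3] + [(DEFAULT, "ipip0", None)]}
NAIVE_RULES = [{"prio": 32766, "table": "main"}]


def lookup_table(table, dst):
    """Longest-prefix match in one table; returns (dev, via) or None."""
    best = None
    for prefix, dev, via in table:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, dev, via)
    return None if best is None else (best[1], best[2])


def route(rules, tables, dst, iif=None, src=None):
    """Emulate the Linux FIB rule walk for a packet received on iif (None = locally
    generated).  Returns (dev, via) or None for 'network unreachable'."""
    dst = ip_address(dst)
    for rule in sorted(rules, key=lambda r: r["prio"]):
        if rule.get("iif") is not None and rule["iif"] != iif:
            continue
        if rule.get("src") is not None and (src is None or ip_address(src) not in rule["src"]):
            continue
        hit = lookup_table(tables[rule["table"]], dst)
        if hit is not None:
            return hit
    return None


def iproute2_commands(rules, tables):
    """Render the route/rule model as iproute2 commands for a Linux gateway."""
    cmds = []
    for name, table in tables.items():
        for prefix, dev, via in table:
            cmd = "ip route add " + ("default" if prefix == DEFAULT else str(prefix))
            cmd += (" via " + via if via else "") + " dev " + dev
            cmds.append(cmd + ("" if name == "main" else " table " + name))
    for rule in sorted(rules, key=lambda r: r["prio"]):
        if rule["table"] == "main":
            continue                                 # the main-table rule exists by default
        cmd = "ip rule add" + (" iif " + rule["iif"] if rule.get("iif") else "")
        cmd += (" from " + str(rule["src"])) if rule.get("src") else ""
        cmds.append(cmd + " lookup " + rule["table"] + " priority " + str(rule["prio"]))
    return cmds


def gateway_setup_commands():
    """Per-gateway commands the route model does not capture: tunnel, forwarding, NAT."""
    gw_a = [
        f"ip tunnel add ipip0 mode ipip local {GW_A_ADDR} remote {GW_B_ADDR}",
        "ip link set ipip0 up",
        "sysctl -w net.ipv4.ip_forward=1",
        # Replies from the internet arrive on ipip0, but the main table's reverse path to
        # their source is eth0, so strict reverse-path filtering (1) would drop them.
        "sysctl -w net.ipv4.conf.ipip0.rp_filter=2",
    ] + iproute2_commands(GW_A_RULES, GW_A_TABLES)
    gw_b = [
        f"ip tunnel add ipip0 mode ipip local {GW_B_ADDR} remote {GW_A_ADDR}",
        "ip link set ipip0 up",
        "sysctl -w net.ipv4.ip_forward=1",
        "ip route add 10.0.1.0/24 dev ipip0",            # LAN A is reachable via the tunnel
        "iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE",  # hide LAN A
    ]
    return {"gw_a": gw_a, "gw_b": gw_b}


if __name__ == "__main__":
    for dst, iif, src in [("203.0.113.10", "eth1", "10.0.1.5"), (GW_B_ADDR, None, GW_A_ADDR)]:
        print(dst, "policy ->", route(GW_A_RULES, GW_A_TABLES, dst, iif, src),
              "naive ->", route(NAIVE_RULES, NAIVE_TABLES, dst, iif, src))
    for side, cmds in gateway_setup_commands().items():
        print(f"# {side}\n" + "\n".join(cmds))
```

The `iif eth1` rule is what makes the decision depend on origin instead of destination: a LAN A host's packet to 203.0.113.10 is looked up in table 100 and goes into the tunnel, while the gateway's own encapsulated packet to 203.0.113.5 has no input interface, falls through to the main table and leaves by eth0. With the naive configuration the same lookup for 203.0.113.5 returns ipip0, which is the loop. On GW B the MASQUERADE rule is needed because the internet has no route back to 10.0.1.0/24; GW B's own route to that prefix via ipip0 also satisfies its reverse-path check for packets arriving through the tunnel.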