sean at donelan.com
Sun Feb 14 17:38:42 CST 2010
On Sun, 14 Feb 2010, Randy Bush wrote:
>> ssh tunnels to IP address
> i am often on funky networks in funky places. e.g. the wireless in
> changi really sucked friday night. if i ssh tunneled, it would multiply
> the suckiness as tcp would have puked at the loss rate.
> smb whacked me that i should use non-tcp tunnels.
Their network, their rules; your network, your rules; my network, my
If you visit lots of funky places, its probably time to learn about
tunnelling protocols. If you don't like their network rules, tunnel to a
different network with rules you prefer.
Ports 80/443 seem to work as the universal tunnelling ports, along with
SSH, VPN, PPTP, IPnIP/IPSEC, etc. Sometimes proxy-tunnel software which
encapsulates packets inside HTTP works. AOL and SKYPE seem to
successfully tunnel through a lot of stuff. Of course, if you are on a
network which doesn't want allow tunnels, e.g. an internal enterprise
network, you may not want to do that.
Per-application stuff work sometimes (DNSSEC/TSIG-forwarders, HTTPS, etc),
but when allowed I immediately create a tunnel and don't spend time
debugging local networks. Some people always use tunnels even when using
networks such as the NANOG or IETF conference networks.
More information about the NANOG