On Mon, Mar 24, 2008 at 12:15:55AM -0700, Bryan Irvine wrote:
> having also not read the book, my guess would be that a transparent
> proxy + firewall would increase security because people don't have
> the option to run SSH tunnels via the HTTP port. A good example would
> be years ago I ran a sock4 proxy on port 80 on my home firewall to
> allow me to download MP3s off of napster from my work computer.
>
> Had a squid proxy been in place I would have been forced to run it on
> 53 ;-p

I've yet to find a proxy that I can't get an ssh tunnel through. Look at the -x and -X options in nc(1) and ProxyCommand in ssh_config(5).

Having your ssh server listen on ports 80, 443, and 53 (at least) will help as well. There are other options in ports, just search for 'tunnel' - I've used net/gotthard quite successfully in the past.
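
The following is an added example, not part of the original message: a defender-side check for the case described above, where an ssh server listens on 443 behind a proxy that allows CONNECT. It assumes a sensor or intercepting proxy can see the first bytes each side sends inside the tunnel; the function names, the `TLS_PORTS` policy and the sample data are hypothetical and constructed for illustration.

```python
import re

# RFC 4253 section 4.2: the identification line is "SSH-<protoversion>-<software>"
SSH_ID = re.compile(rb"^SSH-\d\.\d+-[\x21-\x7e]+")
TLS_PORTS = {443}  # assumption: the only port the proxy should allow CONNECT to


def classify(first_bytes: bytes) -> str:
    """Label the opening bytes one side sent inside the tunnel."""
    # A server may send free-text lines before its SSH identification line.
    for line in first_bytes.split(b"\n"):
        if SSH_ID.match(line):
            return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"
    return "empty" if not first_bytes else "unknown"


def review_tunnel(target: str, client_first: bytes, server_first: bytes) -> list[str]:
    """Return findings for one CONNECT tunnel; an empty list means nothing odd."""
    findings = []
    _host, _, port = target.rpartition(":")
    if not port.isdigit() or int(port) not in TLS_PORTS:
        findings.append(f"CONNECT to non-TLS port: {target}")
    for side, data in (("client", client_first), ("server", server_first)):
        kind = classify(data)
        if kind == "ssh":
            findings.append(f"SSH identification string from {side}")
        elif kind == "unknown":
            findings.append(f"{side} opened with non-TLS data")
    return findings


# Constructed samples: (CONNECT target, first client bytes, first server bytes)
SAMPLES = [
    ("shop.example:443", b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b", b"\x16\x03\x01\x00\x4a\x02"),
    ("home.example:443", b"SSH-2.0-OpenSSH_4.8\r\n", b"SSH-2.0-OpenSSH_4.8\r\n"),
    ("home.example:53", b"", b"SSH-2.0-OpenSSH_4.8\r\n"),
]

if __name__ == "__main__":
    for target, client, server in SAMPLES:
        print(target, review_tunnel(target, client, server) or "ok")
```

The check looks only at the first cleartext bytes of a tunnel, so it is one signal to combine with port policy and session length rather than a complete control.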