|
Lines 2577-2584
|
| 2577 |
<filename>/etc/rc.conf.local</filename> or |
2577 |
<filename>/etc/rc.conf.local</filename> or |
| 2578 |
<filename>/etc/rc.conf</filename> to enable your firewall, |
2578 |
<filename>/etc/rc.conf</filename> to enable your firewall, |
| 2579 |
it is important to make sure your firewall is enabled before |
2579 |
it is important to make sure your firewall is enabled before |
| 2580 |
any IP interfaces are configured. |
2580 |
any IP interfaces are configured.</para> |
| 2581 |
</para> |
|
|
| 2582 |
|
2581 |
|
| 2583 |
<para>The next problem is what your firewall should actually |
2582 |
<para>The next problem is what your firewall should actually |
| 2584 |
<emphasis>do</emphasis>! This is largely dependent on what access to |
2583 |
<emphasis>do</emphasis>! This is largely dependent on what access to |
|
Lines 2709-2731
|
| 2709 |
|
2708 |
|
| 2710 |
<tip> |
2709 |
<tip> |
| 2711 |
<para>For other HOWTOs detailing IPSec implementation in |
2710 |
<para>For other HOWTOs detailing IPSec implementation in |
| 2712 |
FreeBSD, take a look at <ulink |
2711 |
FreeBSD, take a look at <ulink |
| 2713 |
url="http://www.daemonnews.org/200101/ipsec-howto.html"></ulink> |
2712 |
url="http://www.daemonnews.org/200101/ipsec-howto.html"></ulink> |
| 2714 |
and <ulink |
2713 |
and <ulink |
| 2715 |
url="http://www.freebsddiary.org/ipsec.php"></ulink>.</para> |
2714 |
url="http://www.freebsddiary.org/ipsec.php"></ulink>.</para> |
| 2716 |
</tip> |
2715 |
</tip> |
| 2717 |
|
2716 |
|
| 2718 |
<para>The IPsec mechanism provides secure communication for IP |
2717 |
<para>The IPsec mechanism provides secure communication for IP |
| 2719 |
layer and socket layer communication. This section should |
2718 |
layer and socket layer communication. This section should |
| 2720 |
explain how to use them. For implementation details, please |
2719 |
explain how to use them. For implementation details, please |
| 2721 |
refer to <ulink |
2720 |
refer to <ulink |
| 2722 |
url="../developers-handbook/ipv6.html">The |
2721 |
url="../developers-handbook/ipv6.html">The |
| 2723 |
Developers' Handbook</ulink>.</para> |
2722 |
Developers' Handbook</ulink>.</para> |
| 2724 |
|
2723 |
|
| 2725 |
<para>The current IPsec implementation supports both transport mode |
2724 |
<para>The current IPsec implementation supports both transport mode |
| 2726 |
and tunnel mode. However, tunnel mode comes with some restrictions. |
2725 |
and tunnel mode. However, tunnel mode comes with some restrictions. |
| 2727 |
<ulink url="http://www.kame.net/newsletter/">http://www.kame.net/newsletter/ |
2726 |
<ulink url="http://www.kame.net/newsletter/">http://www.kame.net/newsletter/ |
| 2728 |
</ulink> has more comprehensive examples.</para> |
2727 |
</ulink> has more comprehensive examples.</para> |
| 2729 |
|
2728 |
|
| 2730 |
<para>Please be aware that in order to use this functionality, you |
2729 |
<para>Please be aware that in order to use this functionality, you |
| 2731 |
must have the following options compiled into your kernel:</para> |
2730 |
must have the following options compiled into your kernel:</para> |
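Review bot: The closing `</ulink>` on new-side lines 2726-2727 sits on its own line after the link text `http://www.kame.net/newsletter/`, so the line break ends up inside the link content. Since both sides of this hunk are identical as rendered, this is a good place to pull `</ulink>` up onto the same line as the URL text. Separately, "This section should explain how to use them" on new-side lines 2718-2719 reads like a leftover note to the author; "This section explains how to use it" would tell the reader what to expect.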
|
Lines 2737-2761
|
| 2737 |
<title>Transport Mode Example with IPv4</title> |
2736 |
<title>Transport Mode Example with IPv4</title> |
| 2738 |
|
2737 |
|
| 2739 |
<para>Let us setup security association to deploy a secure channel |
2738 |
<para>Let us setup security association to deploy a secure channel |
| 2740 |
between HOST A (10.2.3.4) and HOST B (10.6.7.8). Here we show a little |
2739 |
between HOST A (10.2.3.4) and HOST B (10.6.7.8). Here we show a little |
| 2741 |
complicated example. From HOST A to HOST B, only old AH is used. |
2740 |
complicated example. From HOST A to HOST B, only old AH is used. |
| 2742 |
From HOST B to HOST A, new AH and new ESP are combined.</para> |
2741 |
From HOST B to HOST A, new AH and new ESP are combined.</para> |
| 2743 |
|
2742 |
|
| 2744 |
<para>Now we should choose an algorithm to be used corresponding to |
2743 |
<para>Now we should choose an algorithm to be used corresponding to |
| 2745 |
"AH"/"new AH"/"ESP"/"new ESP". Please refer to the &man.setkey.8; man |
2744 |
"AH"/"new AH"/"ESP"/"new ESP". Please refer to the &man.setkey.8; man |
| 2746 |
page to know algorithm names. Our choice is MD5 for AH, new-HMAC-SHA1 |
2745 |
page to know algorithm names. Our choice is MD5 for AH, new-HMAC-SHA1 |
| 2747 |
for new AH, and new-DES-expIV with 8 byte IV for new ESP.</para> |
2746 |
for new AH, and new-DES-expIV with 8 byte IV for new ESP.</para> |
| 2748 |
|
2747 |
|
| 2749 |
<para>Key length highly depends on each algorithm. For example, key |
2748 |
<para>Key length highly depends on each algorithm. For example, key |
| 2750 |
length must be equal to 16 bytes for MD5, 20 for new-HMAC-SHA1, |
2749 |
length must be equal to 16 bytes for MD5, 20 for new-HMAC-SHA1, |
| 2751 |
and 8 for new-DES-expIV. Now we choose "MYSECRETMYSECRET", |
2750 |
and 8 for new-DES-expIV. Now we choose "MYSECRETMYSECRET", |
| 2752 |
"KAMEKAMEKAMEKAMEKAME", "PASSWORD", respectively.</para> |
2751 |
"KAMEKAMEKAMEKAMEKAME", "PASSWORD", respectively.</para> |
| 2753 |
|
2752 |
|
| 2754 |
<para>OK, let us assign SPI (Security Parameter Index) for each protocol. |
2753 |
<para>OK, let us assign SPI (Security Parameter Index) for each protocol. |
| 2755 |
Please note that we need 3 SPIs for this secure channel since three |
2754 |
Please note that we need 3 SPIs for this secure channel since three |
| 2756 |
security headers are produced (one for from HOST A to HOST B, two for |
2755 |
security headers are produced (one for from HOST A to HOST B, two for |
| 2757 |
from HOST B to HOST A). Please also note that SPI MUST be greater |
2756 |
from HOST B to HOST A). Please also note that SPI MUST be greater |
| 2758 |
than or equal to 256. We choose, 1000, 2000, and 3000, respectively. |
2757 |
than or equal to 256. We choose, 1000, 2000, and 3000, respectively. |
| 2759 |
</para> |
2758 |
</para> |
| 2760 |
|
2759 |
|
| 2761 |
<screen> |
2760 |
<screen> |
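Review bot: The key paragraph on new-side lines 2748-2751 presents "MYSECRETMYSECRET", "KAMEKAMEKAMEKAMEKAME" and "PASSWORD" as the chosen keys without saying they are placeholders, so a reader who copies the example ends up with guessable manual keys. Suggest adding one sentence stating that these strings only illustrate the 16/20/8-byte lengths and that real keys should be random. Also, "one for from HOST A" and "two for from HOST B" on 2755-2756 have a doubled preposition, and "We choose, 1000" on 2757 has a stray comma.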
|
Lines 2787-2793
|
| 2787 |
</screen> |
2786 |
</screen> |
| 2788 |
|
2787 |
|
| 2789 |
<para>Now, let us setup security association. Execute &man.setkey.8; |
2788 |
<para>Now, let us setup security association. Execute &man.setkey.8; |
| 2790 |
on both HOST A and B:</para> |
2789 |
on both HOST A and B:</para> |
| 2791 |
|
2790 |
|
| 2792 |
<screen> |
2791 |
<screen> |
| 2793 |
&prompt.root; <command>setkey -c</command> |
2792 |
&prompt.root; <command>setkey -c</command> |
|
Lines 2798-2804
|
| 2798 |
</screen> |
2797 |
</screen> |
| 2799 |
|
2798 |
|
| 2800 |
<para>Actually, IPsec communication does not process until security policy |
2799 |
<para>Actually, IPsec communication does not process until security policy |
| 2801 |
entries are defined. In this case, you must setup each host.</para> |
2800 |
entries are defined. In this case, you must setup each host.</para> |
| 2802 |
|
2801 |
|
| 2803 |
<screen> |
2802 |
<screen> |
| 2804 |
At A: |
2803 |
At A: |
|
Lines 2834-2840
|
| 2834 |
<para>Another example using IPv6.</para> |
2833 |
<para>Another example using IPv6.</para> |
| 2835 |
|
2834 |
|
| 2836 |
<para>ESP transport mode is recommended for TCP port number 110 between |
2835 |
<para>ESP transport mode is recommended for TCP port number 110 between |
| 2837 |
Host-A and Host-B.</para> |
2836 |
Host-A and Host-B.</para> |
| 2838 |
|
2837 |
|
| 2839 |
<screen> |
2838 |
<screen> |
| 2840 |
============ ESP ============ |
2839 |
============ ESP ============ |
|
Lines 2844-2851
|
| 2844 |
</screen> |
2843 |
</screen> |
| 2845 |
|
2844 |
|
| 2846 |
<para>Encryption algorithm is blowfish-cbc whose key is "kamekame", and |
2845 |
<para>Encryption algorithm is blowfish-cbc whose key is "kamekame", and |
| 2847 |
authentication algorithm is hmac-sha1 whose key is "this is the test |
2846 |
authentication algorithm is hmac-sha1 whose key is "this is the test |
| 2848 |
key". Configuration at Host-A:</para> |
2847 |
key". Configuration at Host-A:</para> |
| 2849 |
|
2848 |
|
| 2850 |
<screen> |
2849 |
<screen> |
| 2851 |
&prompt.root; <command>setkey -c</command> <<<filename>EOF</filename> |
2850 |
&prompt.root; <command>setkey -c</command> <<<filename>EOF</filename> |
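Review bot: On new-side line 2850 the here-document operator is written as a raw `<<` directly in front of `<filename>EOF</filename>`, which is hard to read next to the markup and tags a shell delimiter as a file name. Suggest `&lt;&lt;` for the operator and plain text for `EOF`; the same line appears again in the Tunnel Mode Example with IPv6 hunk (new-side line 2961) and should be changed the same way.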
|
Lines 2889-2896
|
| 2889 |
<para>Tunnel mode between two security gateways</para> |
2888 |
<para>Tunnel mode between two security gateways</para> |
| 2890 |
|
2889 |
|
| 2891 |
<para>Security protocol is old AH tunnel mode, i.e. specified by |
2890 |
<para>Security protocol is old AH tunnel mode, i.e. specified by |
| 2892 |
RFC1826, with keyed-md5 whose key is "this is the test" as |
2891 |
RFC1826, with keyed-md5 whose key is "this is the test" as |
| 2893 |
authentication algorithm.</para> |
2892 |
authentication algorithm.</para> |
| 2894 |
|
2893 |
|
| 2895 |
<screen> |
2894 |
<screen> |
| 2896 |
======= AH ======= |
2895 |
======= AH ======= |
|
Lines 2916-2924
|
| 2916 |
</screen> |
2915 |
</screen> |
| 2917 |
|
2916 |
|
| 2918 |
<para>If the port number field is omitted such as above then "[any]" is |
2917 |
<para>If the port number field is omitted such as above then "[any]" is |
| 2919 |
employed. `-m' specifies the mode of SA to be used. "-m any" means |
2918 |
employed. `-m' specifies the mode of SA to be used. "-m any" means |
| 2920 |
wild-card of mode of security protocol. You can use this SA for both |
2919 |
wild-card of mode of security protocol. You can use this SA for both |
| 2921 |
tunnel and transport mode.</para> |
2920 |
tunnel and transport mode.</para> |
| 2922 |
|
2921 |
|
| 2923 |
<para>and at Gateway-B:</para> |
2922 |
<para>and at Gateway-B:</para> |
| 2924 |
|
2923 |
|
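Review bot: The option on new-side line 2918 is quoted two different ways within one sentence pair: first with a backtick and an apostrophe around -m, then with double quotes around "-m any". Marking both up with `<option>` would match how `<option>sshd_program</option>` is written further down in this file and removes the mixed quoting.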
|
Lines 2939-2946
|
| 2939 |
<para>Making SA bundle between two security gateways</para> |
2938 |
<para>Making SA bundle between two security gateways</para> |
| 2940 |
|
2939 |
|
| 2941 |
<para>AH transport mode and ESP tunnel mode is required between |
2940 |
<para>AH transport mode and ESP tunnel mode is required between |
| 2942 |
Gateway-A and Gateway-B. In this case, ESP tunnel mode is applied first, |
2941 |
Gateway-A and Gateway-B. In this case, ESP tunnel mode is applied first, |
| 2943 |
and AH transport mode is next.</para> |
2942 |
and AH transport mode is next.</para> |
| 2944 |
|
2943 |
|
| 2945 |
<screen> |
2944 |
<screen> |
| 2946 |
========== AH ========= |
2945 |
========== AH ========= |
|
Lines 2955-2962
|
| 2955 |
<title>Tunnel Mode Example with IPv6</title> |
2954 |
<title>Tunnel Mode Example with IPv6</title> |
| 2956 |
|
2955 |
|
| 2957 |
<para>Encryption algorithm is 3des-cbc, and authentication algorithm |
2956 |
<para>Encryption algorithm is 3des-cbc, and authentication algorithm |
| 2958 |
for ESP is hmac-sha1. Authentication algorithm for AH is hmac-md5. |
2957 |
for ESP is hmac-sha1. Authentication algorithm for AH is hmac-md5. |
| 2959 |
Configuration at Gateway-A:</para> |
2958 |
Configuration at Gateway-A:</para> |
| 2960 |
|
2959 |
|
| 2961 |
<screen> |
2960 |
<screen> |
| 2962 |
&prompt.root; <command>setkey -c</command> <<<filename>EOF</filename> |
2961 |
&prompt.root; <command>setkey -c</command> <<<filename>EOF</filename> |
|
Lines 2983-2992
|
| 2983 |
<para>Making SAs with the different end</para> |
2982 |
<para>Making SAs with the different end</para> |
| 2984 |
|
2983 |
|
| 2985 |
<para>ESP tunnel mode is required between Host-A and Gateway-A. Encryption |
2984 |
<para>ESP tunnel mode is required between Host-A and Gateway-A. Encryption |
| 2986 |
algorithm is cast128-cbc, and authentication algorithm for ESP is |
2985 |
algorithm is cast128-cbc, and authentication algorithm for ESP is |
| 2987 |
hmac-sha1. ESP transport mode is recommended between Host-A and Host-B. |
2986 |
hmac-sha1. ESP transport mode is recommended between Host-A and Host-B. |
| 2988 |
Encryption algorithm is rc5-cbc, and authentication algorithm for ESP is |
2987 |
Encryption algorithm is rc5-cbc, and authentication algorithm for ESP is |
| 2989 |
hmac-md5.</para> |
2988 |
hmac-md5.</para> |
| 2990 |
|
2989 |
|
| 2991 |
<screen> |
2990 |
<screen> |
| 2992 |
================== ESP ================= |
2991 |
================== ESP ================= |
|
Lines 3045-3051
|
| 3045 |
<secondary>OpenSSH</secondary> |
3044 |
<secondary>OpenSSH</secondary> |
| 3046 |
</indexterm> |
3045 |
</indexterm> |
| 3047 |
|
3046 |
|
| 3048 |
<para>Secure shell is a set of network connectivity tools used to |
3047 |
<para>Secure shell is a set of network connectivity tools used to |
| 3049 |
access remote machines securely. It can be used as a direct |
3048 |
access remote machines securely. It can be used as a direct |
| 3050 |
replacement for <command>rlogin</command>, |
3049 |
replacement for <command>rlogin</command>, |
| 3051 |
<command>rsh</command>, <command>rcp</command>, and |
3050 |
<command>rsh</command>, <command>rcp</command>, and |
|
Lines 3094-3101
|
| 3094 |
</indexterm> |
3093 |
</indexterm> |
| 3095 |
|
3094 |
|
| 3096 |
<para>The &man.ssh.1; utility works similarly to |
3095 |
<para>The &man.ssh.1; utility works similarly to |
| 3097 |
&man.rlogin.1;. |
3096 |
&man.rlogin.1;.</para> |
| 3098 |
</para> |
|
|
| 3099 |
|
3097 |
|
| 3100 |
<screen>&prompt.root <userinput>ssh <replaceable>user@example.com</replaceable></userinput> |
3098 |
<screen>&prompt.root <userinput>ssh <replaceable>user@example.com</replaceable></userinput> |
| 3101 |
Host key not found from the list of known hosts. |
3099 |
Host key not found from the list of known hosts. |
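Review bot: `&prompt.root` on new-side line 3098 has no terminating semicolon, while the IPsec screens in this same patch write `&prompt.root;` and the tunnel examples write `&prompt.user;`. Since the hunk already touches the lines just above, suggest adding the `;` here for consistency; `&prompt.user` in the ssh-keygen screen (new-side line 3185) has the same omission.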
|
Lines 3113-3120
|
| 3113 |
will alert you if the saved fingerprint differs from the |
3111 |
will alert you if the saved fingerprint differs from the |
| 3114 |
received fingerprint on future login attempts. The fingerprints |
3112 |
received fingerprint on future login attempts. The fingerprints |
| 3115 |
are saved in <filename>~/.ssh/known_hosts</filename>, or |
3113 |
are saved in <filename>~/.ssh/known_hosts</filename>, or |
| 3116 |
<filename>~/.ssh/known_hosts2</filename> for SSH v2 fingerprints. |
3114 |
<filename>~/.ssh/known_hosts2</filename> for SSH v2 |
| 3117 |
</para> |
3115 |
fingerprints.</para> |
| 3118 |
|
3116 |
|
| 3119 |
<para>By default, OpenSSH servers are configured to accept both |
3117 |
<para>By default, OpenSSH servers are configured to accept both |
| 3120 |
SSH v1 and SSH v2 connections. The client, however, can choose |
3118 |
SSH v1 and SSH v2 connections. The client, however, can choose |
|
Lines 3166-3177
|
| 3166 |
|
3164 |
|
| 3167 |
<para>The system-wide configuration files for both the OpenSSH |
3165 |
<para>The system-wide configuration files for both the OpenSSH |
| 3168 |
daemon and client reside within the <filename>/etc/ssh</filename> |
3166 |
daemon and client reside within the <filename>/etc/ssh</filename> |
| 3169 |
directory. |
3167 |
directory.</para> |
| 3170 |
</para> |
3168 |
|
| 3171 |
<para><filename>ssh_config</filename> configures the client |
3169 |
<para><filename>ssh_config</filename> configures the client |
| 3172 |
settings, while <filename>sshd_config</filename> configures the |
3170 |
settings, while <filename>sshd_config</filename> configures the |
| 3173 |
daemon. |
3171 |
daemon.</para> |
| 3174 |
</para> |
|
|
| 3175 |
|
3172 |
|
| 3176 |
<para>Additionally, the <option>sshd_program</option> |
3173 |
<para>Additionally, the <option>sshd_program</option> |
| 3177 |
(<filename>/usr/sbin/sshd</filename> by default), and |
3174 |
(<filename>/usr/sbin/sshd</filename> by default), and |
|
Lines 3183-3190
|
| 3183 |
<title>ssh-keygen</title> |
3180 |
<title>ssh-keygen</title> |
| 3184 |
|
3181 |
|
| 3185 |
<para>Instead of using passwords, &man.ssh-keygen.1; can |
3182 |
<para>Instead of using passwords, &man.ssh-keygen.1; can |
| 3186 |
be used to generate RSA keys to authenticate a user. |
3183 |
be used to generate RSA keys to authenticate a user.</para> |
| 3187 |
</para> |
|
|
| 3188 |
|
3184 |
|
| 3189 |
<screen>&prompt.user <userinput>ssh-keygen</userinput> |
3185 |
<screen>&prompt.user <userinput>ssh-keygen</userinput> |
| 3190 |
Initializing random number generator... |
3186 |
Initializing random number generator... |
|
Lines 3203-3210
|
| 3203 |
<filename>~/.ssh/identity</filename>, whereas the public key is |
3199 |
<filename>~/.ssh/identity</filename>, whereas the public key is |
| 3204 |
stored in <filename>~/.ssh/identity.pub</filename>. The public |
3200 |
stored in <filename>~/.ssh/identity.pub</filename>. The public |
| 3205 |
key must be placed in <filename>~/.ssh/authorized_keys</filename> |
3201 |
key must be placed in <filename>~/.ssh/authorized_keys</filename> |
| 3206 |
of the remote machine in order for the setup to work. |
3202 |
of the remote machine in order for the setup to work.</para> |
| 3207 |
</para> |
|
|
| 3208 |
|
3203 |
|
| 3209 |
<para>This will allow connection to the remote machine based upon |
3204 |
<para>This will allow connection to the remote machine based upon |
| 3210 |
RSA authentication instead of passwords.</para> |
3205 |
RSA authentication instead of passwords.</para> |
|
Lines 3226-3233
|
| 3226 |
machine.</para> |
3221 |
machine.</para> |
| 3227 |
|
3222 |
|
| 3228 |
<para>&man.ssh-agent.1; and &man.ssh-add.1; are |
3223 |
<para>&man.ssh-agent.1; and &man.ssh-add.1; are |
| 3229 |
utilities used in managing multiple passworded private keys. |
3224 |
utilities used in managing multiple passworded private keys.</para> |
| 3230 |
</para> |
|
|
| 3231 |
</sect2> |
3225 |
</sect2> |
| 3232 |
|
3226 |
|
| 3233 |
<sect2> |
3227 |
<sect2> |
|
Lines 3239-3245
|
| 3239 |
|
3233 |
|
| 3240 |
<para>OpenSSH has the ability to create a tunnel to encapsulate |
3234 |
<para>OpenSSH has the ability to create a tunnel to encapsulate |
| 3241 |
another protocol in an encrypted session.</para> |
3235 |
another protocol in an encrypted session.</para> |
| 3242 |
<para>The following command tells &man.ssh.1; to create a tunnel |
3236 |
|
|
|
3237 |
<para>The following command tells &man.ssh.1; to create a tunnel |
| 3243 |
for telnet.</para> |
3238 |
for telnet.</para> |
| 3244 |
|
3239 |
|
| 3245 |
<screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>5023:localhost:23 user@foo.example.com</replaceable></userinput> |
3240 |
<screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>5023:localhost:23 user@foo.example.com</replaceable></userinput> |
|
Lines 3298-3318
|
| 3298 |
</variablelist> |
3293 |
</variablelist> |
| 3299 |
|
3294 |
|
| 3300 |
|
3295 |
|
| 3301 |
<para>An SSH tunnel works by creating a listen socket on localhost |
3296 |
<para>An SSH tunnel works by creating a listen socket on localhost |
| 3302 |
on the specified port. It then forwards any connection received |
3297 |
on the specified port. It then forwards any connection received |
| 3303 |
on the local host/port via the SSH connection to the specified |
3298 |
on the local host/port via the SSH connection to the specified |
| 3304 |
remote host and port.</para> |
3299 |
remote host and port.</para> |
| 3305 |
|
3300 |
|
| 3306 |
<para>In the example, port <replaceable>5023</replaceable> on |
3301 |
<para>In the example, port <replaceable>5023</replaceable> on |
| 3307 |
localhost is being forwarded to port |
3302 |
localhost is being forwarded to port |
| 3308 |
<replaceable>23</replaceable> on localhost of the remote |
3303 |
<replaceable>23</replaceable> on localhost of the remote |
| 3309 |
machine. Since <replaceable>23</replaceable> is telnet, this |
3304 |
machine. Since <replaceable>23</replaceable> is telnet, this |
| 3310 |
would create a secure telnet session through an SSH tunnel. |
3305 |
would create a secure telnet session through an SSH tunnel.</para> |
| 3311 |
</para> |
|
|
| 3312 |
|
3306 |
|
| 3313 |
<para>This can be used to wrap any number of insecure TCP protocols |
3307 |
<para>This can be used to wrap any number of insecure TCP protocols |
| 3314 |
such as smtp, pop3, ftp, etc. |
3308 |
such as smtp, pop3, ftp, etc.</para> |
| 3315 |
</para> |
|
|
| 3316 |
|
3309 |
|
| 3317 |
<para>A typical SSH Tunnel</para> |
3310 |
<para>A typical SSH Tunnel</para> |
| 3318 |
<screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>5025:localhost:25 user@mailserver.example.com</replaceable></userinput> |
3311 |
<screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>5025:localhost:25 user@mailserver.example.com</replaceable></userinput> |
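Review bot: `<para>A typical SSH Tunnel</para>` on new-side line 3310 is followed directly by `<screen>` with no blank line, although this patch inserts a blank line between adjacent blocks at new-side line 3236. Suggest a blank line here as well, and ending the lead-in with a colon as the other screen lead-ins in this file do ("Configuration at Host-A:").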
|
Lines 3326-3333
|
| 3326 |
<para>This can be used in conjunction with an &man.ssh-keygen.1; |
3319 |
<para>This can be used in conjunction with an &man.ssh-keygen.1; |
| 3327 |
and additional user accounts to create a more seamless/hassle-free |
3320 |
and additional user accounts to create a more seamless/hassle-free |
| 3328 |
SSH tunneling environment. Keys can be used in place of typing |
3321 |
SSH tunneling environment. Keys can be used in place of typing |
| 3329 |
a password, and the tunnels can be run as a separate user. |
3322 |
a password, and the tunnels can be run as a separate user.</para> |
| 3330 |
</para> |
|
|
| 3331 |
|
3323 |
|
| 3332 |
<sect3> |
3324 |
<sect3> |
| 3333 |
<title>Practical SSH Tunneling Examples</title> |
3325 |
<title>Practical SSH Tunneling Examples</title> |
|
Lines 3378-3384
|
| 3378 |
<hostid>localhost</hostid> port 8888, which will be |
3370 |
<hostid>localhost</hostid> port 8888, which will be |
| 3379 |
forwarded over to <hostid>music.example.com</hostid> port |
3371 |
forwarded over to <hostid>music.example.com</hostid> port |
| 3380 |
8000, successfully evading the firewall.</para> |
3372 |
8000, successfully evading the firewall.</para> |
| 3381 |
</sect4> |
3373 |
</sect4> |
| 3382 |
</sect3> |
3374 |
</sect3> |
| 3383 |
</sect2> |
3375 |
</sect2> |