[kwlug-disc] Getting around firewalls
L.D. Paniak
ldpaniak at fourpisolutions.com
Tue Jan 20 22:40:03 EST 2015
I would hazard a guess that the school implemented client isolation (or
some variant) to keep wireless clients from being able to
communicate/hack/etc each other. If so there is not much that can be
done with the school wifi.
The clear way around this is to set up your own Pi wifi access point -
then everyone in your lab can enjoy unimpeded communications. I have
found that an adhoc network is at least as much trouble to set up as a
proper NAT access point. hostap and the create_ap script in the link
you provided below should make it relatively easy. For icing on the
cake, NAT your wifi private network out to the school network and wait
for the wrdsb net admins to descend...
I'm sure this list will be glad to help out with any questions that pop
up. Start off by understanding the NAT configuration - wifi is just an
extension of that.
Happy hacking,
Lori
On 01/20/2015 05:38 PM, Keefer Rourke wrote:
>
> Alright, so I'll do an nmap port scan (sorry, wrdsb net admins)
> tomorrow when I get to the school, and try various unblocked ports.
>
> If nothing works, the Pi is equipped with a wireless dongle that can
> be configured as an access point, so an ad hoc network could be set
> up, probably. Though I've never had any experience with networking and
> I'm unsure of how to actually get one running.
>
> Consulting the Arch Wiki
> <https://wiki.archlinux.org/index.php/Software_access_point> reveals
> that there are several methods of creating access points. I'm not
> really sure which is easiest, or which is ideal. Again, I'm just
> trying to connect two machines, my laptop and the Pi. As someone new
> to networking, can anyone offer me any advice? Thanks!
>
> Cheers,
> Keefer
>
> (Sent from my mobile phone)
>
> On Jan 20, 2015 10:56 AM, "CrankyOldBugger" <crankyoldbugger at gmail.com
> <mailto:crankyoldbugger at gmail.com>> wrote:
>
> If it's just the laptop and the Pi, then Port Forwarding isn't
> relevant here.
>
> My guess is that since you have root on the Raspi, first make a
> backup copy of the /etc/ssh/sshd_config file, then in there change
> the port to an unblocked port (look for Port 22 then change the 22
> to whatever), then do the ssh ... -p on your laptop as I mentioned
> earlier.
>
> On the other hand... I'm not overly familiar with the Raspi, but
> would an ad-hoc network be a consideration?
>
>
>
> On Tue Jan 20 2015 at 10:21:59 AM Keefer Rourke
> <keefer.rourke at gmail.com <mailto:keefer.rourke at gmail.com>> wrote:
>
> I'm actually trying to SSH into a Raspberry Pi that is on the
> same network as my laptop. The only time the two machines need
> to connect is when they are both at the school, and in the
> same room, since my laptop will just be used as a remote
> control station to send commands to the pi to make the robot
> do things (that was probably poorly explained, but hopefully
> you get the gist). Though I'm not very familiar with the
> concept, I don't think port forwarding is really an option?
>
> If it makes a difference, I have complete root access to the
> Raspberry Pi which is running Arch Linux ARM (for the sole
> reason that the package manager actually works on the school
> network), so I can change anything on the machine as necessary.
>
> On 20 January 2015 at 10:10, CrankyOldBugger
> <crankyoldbugger at gmail.com <mailto:crankyoldbugger at gmail.com>>
> wrote:
>
> I take it that you're trying to SSH to a computer that you
> own? If that's the case you can just set up Port
> Forwarding on your router. Then you can pick some wild
> port number, up to 65535, I think, and have your home
> router redirect that port to port 22 on your home computer.
>
> I've got all of my home Linux boxes set up this way, then
> I use DynDNS to get the names straight. So if I'm at work
> (which seem to like blocking the useful ports for some
> reason), I can SSH to my Ubuntu desktop using:
>
> ssh user at ubuntubox.org <mailto:user at ubuntubox.org> -p 45678
>
> So I'm using port 45678 to get out of the office. Then on
> my home router, port forwarding knows that port 45678
> should be forwarded to my Ubuntu box's internal IP
> (192.168.x.x), using port 22 between the router and the
> desktop.
>
> You just need to do some playing around to see if port
> "45678" (or any other port over 1024) is open at the school.
>
> Now if you're trying to connect to a machine that someone
> else owns, well that's a different story... I wonder if
> you could set up a proxy server at home that points back
> out to the internet?
>
>
>
>
> On Tue Jan 20 2015 at 9:58:10 AM Keefer Rourke
> <keefer.rourke at gmail.com <mailto:keefer.rourke at gmail.com>>
> wrote:
>
> For some strange reason, I've found high school
> institutions to be /extremely/ *NIX-phobic. And they,
> or at least my particular school, seem to be becoming
> increasingly so. Previously I had only noticed
> firewalls in place which block all traffic from major
> Linux package managers like apt and yum, though this
> never affected me as I've never had an issue updating
> my Arch Linux installation while on the school network.
>
> However, things appear to have changed as SSH
> connections are now also blocked. Before the winter
> holidays I could use secure shell at school to my
> heart's content, but now that people in my computer
> engineering class are beginning to use it more often
> so they can remotely connect to their headless
> Raspberry Pis (with which we're supposed to be
> controlling robots), the protocol has conveniently
> stopped working (I'm guess the board discovered this
> "unusual" traffic and decided to block it). I now find
> myself needing a way to get around this problem, or my
> summative project will have come to an effective halt.
>
> As a suggested work-around, I tried changing the
> default port on the host (the pi) from 22, to 443, and
> establishing a connection to that port from my laptop,
> but the connection still times out after a few
> minutes. I'm wondering if, either I'm doing something
> wrong with the port configurations (though the verbose
> output from SSH would suggest otherwise), or if there
> is another solution to getting around the WRDSB's
> apparent hatred of free technology.
>
> My teacher suggested that we create a subnetwork
> between the two machines, which I will try today, but
> if there are any alternative solutions, I'd love to
> know of them. Anyone else run into problems like this?
>
> --
> Cheers,
> Keefer
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org <mailto:kwlug-disc at kwlug.org>
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org <mailto:kwlug-disc at kwlug.org>
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
>
>
> --
> Cheers,
> Keefer
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org <mailto:kwlug-disc at kwlug.org>
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org <mailto:kwlug-disc at kwlug.org>
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20150120/f8019fb2/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20150120/f8019fb2/attachment.sig>
More information about the kwlug-disc
mailing list