Two Steps to Circumvent a Network Firewall

Copyright 2009 16 Systems

-------------------------

You *do not* need root access to follow these instructions.

Scenario: You have shell access to a Unix computer on a workplace network that is heavily firewalled. ACLs prevent access to workplace computers from outside the network unless you use the network's VPN. You can't install the VPN software on your OpenBSD laptop, but you'd still like to be able to securely access workplace computers.

Here's what to do:

1. From a shell account on a Unix box behind the firewalled network do this:

    ssh -N -R 3389:localhost:22 user@remote-unix-box.net

2. Leave work and go home. From a shell account on remote-unix-box.net do this:

    ssh 127.0.0.1 -p 3389

Notes:

* That's it. ACLs and firewalls are just a bump in the road to folks who know what they are doing. However, it's unwise to violate workplace policy, so don't use these simple, easy instructions without permission. Also know that other restrictions may be employed in an effort to prevent this.

* Port 3389 on remote-unix-box.net should not have a service bound to it prior to executing the first command. You might want to start screen or tmux on the workplace Unix box and run 'ping -i 10 127.0.0.1' to ensure the tunnel stays alive while running the ssh command in parallel.

* Donate some cash to OpenBSD and/or OpenSSH for the wonderful tools they provide: http://openbsd.org/donations.html
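
For the administrator's side of the "other restrictions" caveat above, here is an added example (not part of the original page) that lists ssh clients requesting a remote forward like the one in step 1. It walks the arguments the way ssh's option parser does instead of grepping for "-R". The function names, the sample process list and its user names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list ssh clients that ask the
# server for a remote forward, reading `ps -eo user,pid,args`-style lines.

# ssh(1) options that consume an argument; every other letter is a plain flag.
SSH_ARG_OPTS='BbcDEeFIiJLlmOoPpQRSWw'

find_remote_forwards() {
    awk -v argopts="$SSH_ARG_OPTS" '
    $3 ~ /(^|\/)ssh$/ {
        npos = 0                                      # positional words seen so far
        for (i = 4; i <= NF && npos < 2; i++) {
            if ($i !~ /^-./) { npos++; continue }     # 1st = host, 2nd = remote command
            for (j = 2; j <= length($i); j++) {
                c = substr($i, j, 1)
                if (index(argopts, c) == 0) continue  # bundled flag, e.g. the N in -NR
                val = substr($i, j + 1)               # "-Rspec" form
                if (val == "") val = $(++i)           # "-R spec" form
                if (c == "R" || (c == "o" && tolower(val) ~ /^remoteforward/))
                    printf "%s %s %s\n", $1, $2, val
                break                                 # rest of the word was the value
            }
        }
    }'
}

# Constructed sample input; on a live host use: ps -eo user,pid,args
sample_ps() {
    cat <<'EOF'
USER       PID COMMAND
alice     4121 ssh -N -R 3389:localhost:22 user@remote-unix-box.net
bob       4188 ssh 127.0.0.1 -p 3389
carol     4230 /usr/bin/ssh -NR8022:localhost:22 -i /home/carol/R user@remote-unix-box.net
dave      4302 ssh build.example.net grep -R TODO src
erin      4377 ssh -o RemoteForward=3389 user@remote-unix-box.net
EOF
}

sample_ps | find_remote_forwards
```

A forward set with RemoteForward in a user's ssh configuration file never appears in the process arguments, so this listing is one signal, not a complete inventory.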