I have no idea how to pierce firewalls with lesser operating systems,
but you can take one of these old disused computers
(about anything with 8MB of RAM and an ethernet card should do),
install Linux or BSD as on it, and pierce the firewall with it,
while serving as a router for other machines running lesser OSes.
See appropriate HOWTOs about routing, IP forwarding, NAT, etc.
I don't know the details, but a promising tool to pierce firewalls is
Chris Mason's Bouncer,
which acts as a SOCKS-proxy-over-SSL.
There are other kinds of firewalls
than those that allow for direct ssh or telnet connections.
As long as a continuous flow of packets
may transmit information through a firewall in both directions,
it is possible to pierce it;
only the price of writing the piercer may be higher or lower.
In a very easy case, we saw that you can just launch ssh
over a pty master and do some pppd in the slave tty.
You may even want to do it without an adverse firewall,
just so as to build a secure ``VPN'' (Virtual Private Network).
The VPN mini-HOWTO
gives all the details you need about this.
We invite you, as an exercise,
to modify fwprc
so as to use this technique,
or perhaps even so as to use it
inside a previous non-secure fwprc session.
Now, if the only way through the firewall is a WWW proxy
(usually, a minimum for an Internet-connected network),
you might want to use
Chris Chiappa's
script
ssh-https-tunnel.
Another promising program for piercing through HTTP is
Lars Brinkoff's
httptunnel,
a http server and client combination that achieves a TCP/IP tunnel connection
through the proxy-friendly HTTP protocol.
You should then be able to run fwprc
(preferably over ssh)
over that connection, although I haven't tried it yet.
Could anyone test and report?
Note that httptunnel is still under development,
so you may help implement
the features it currently lacks,
like, having multiple connections, and/or serving fake pages
so as to mislead suspicious adverse firewall administrators.
Whatever goes through your firewall,
be it telnet, HTTP or other TCP/IP connections,
or something real weird like DNS queries, ICMP packets, e-mail
(see mailtunnel,
icmptunnel),
or whatelse,
you can always write a tunnel client/server combination,
and run a ssh and/or PPP connection through it.
The performance mightn't be high,
depending on the effective information communication rate
after paying the overhead for coding around filters and proxies;
but such a tunnel is still interesting as long as it's good enough
to use fetchmail, suck,
and other non-interactive programs.
If you need cross a 7-bit line, you'll want to use SLIP instead of PPP.
I never tried, because lines are more or less 8-bit clean these days,
but it shouldn't be difficult.
If necessary, fall back to using the
Term-Firewall mini-HOWTO.
If you have an 8-bit clean connection and you're root on linux both sides
of the firewall, you might want to use ethertap for better performance,
encapsulating raw ethernet communications on top of your connection.
David Madore has written ethertap-over-TCP and ethertap-over-UDP tunneling
ftp://quatramaran.ens.fr/pub/madore/misc/.
There remains to write some ethertap-over-tty to combine with fwprc-like tools.
If you really need more performance than you can get
while paying for a user-space sequential communication tunnel
through which to run PPP,
then you're in the very hard case
where you might have to re-hack a weird IP stack,
using (for instance) the Fox project's packet-protocol functors.
You'll then achieve some direct IP-over-HTTP, IP-over-DNS, IP-over-ICMP,
or such, which requires not only an elaborate protocol,
but also an interface to an OS kernel, both of which are costly to implement.
Finally, if you're not fighting against an adverse firewall,
but just building your own VPN, there is a large offer of VPN tools,
and although the tricks I present are simple, work well,
and might be enough for your needs, it could be a good idea
to look at this evolving offer (that I do not know much about)
for a solution that fits your requirements of performance and maintainability.
I felt it was necessary to write it,
but I don't have that much time for that,
so this mini-HOWTO is very rough.
Thus will it stay,
until I get enough feedback so as to know what sections to enhance,
or better, until someone comes and takes over maintenance for the mini-HOWTO.
Feedback welcome. Help welcome. mini-HOWTO maintenance take-over welcome.
In any case, the above sections have shown many problems
whose solution is just a matter of someone (you?)
spending some time (or money, by hiring someone else)
to sit down and write it:
nothing conceptually complicated,
though the details might be burdensome or tricky.
Do not hesitate to contribute more problems, and hopefully more solutions,
to this mini-HOWTO.