Hello Amigo_x, I know that i can set the configuration, but my question was based on the fact that if there is an existing firewall, which you cannot configure, if you can 'bypass' it lets say using a special prepared packet? If eg. firewall with WAN IP 11.11.11.11 accepting packets only at port 22, and in that LAN there is a host lets say 10.1.1.2 accepting packets at port 80, if i can send 'special packets' to firewall`s port 22 and bypass it, hiting the host 10.1.1.2 behind it on port 80 ? As i can remember, weak settings make that possible, eg. if the packets use overlaping fragmentation (flags can be set for TCP/IP), or just think at the ACK flag, a firewall which is realised by a static packet filter wont care if there has been asked for a connection (stateles) and accept all packets with ACK flag set. But i`m not asking about those flags, i`m asking if there is some posibility to prepare packets for the scenario i described above. What do you think ? Cheers, Adam Sunday, August 20, 2006, 7:50:09 PM, you wrote: <==============Original message text=============== sfo> Hello All sfo> Yes it's teorecticly 101% posible. most of the new firewalls have this sfo> options. sfo> Exemple: linux firewall,with port forwarding si some special; settings if sfo> someone has as firewall = a router , he must put on it forward on port & sfo> ip. sfo> Let's say: 11.11.11.11 port 80 but from this port the firewall doaes/t let sfo> you to di that beacause u have an internal ip: ( 10.1.1.1 ). but u when u sfo> access 11.11.11.11 u set it: if he gets requests from port 80 to send tham sfo> at the intern ip 10.1.1.1 on port 22. but that depens what firewall u use, sfo> what kind of information u want to send & recive, on what ports, ect but i sfo> think that it's very posible but u need a good configuration. But sfo> remember: not all firewalls have port forwarding sfo> That is my opinion. Don't accept it if it's wrong :) sfo> cheers! sfo> Amigo_X >> Hi all >> >> I have a question, do you think, it is basicaly possible to tunnel >> packets from outside a fireall to hosts behind it to reach ports which >> are masqueraded? >> Eg. if a host in the LAN is listening at port 80 , but the firewall >> dont forward that port, and the WAN interface is listening at, lets >> say port 22 , can you tunnel trafic through the firewall at port 22 >> and hiting the host behind it at port 80 ? >> Do you see any possibilities? >> >> Ah, and please be free to ask other to join our list, i`ll be happy >> to add your recommendations. >> >> >> cheers! >> Adam >> >> >> <===========End of original message text=========== -- Best regards, Adam Pal mailto:pal_adam@xxxxxxx