On Friday 05 January 2007 17:00, Etaoin Shrdlu wrote:
> On Friday 5 January 2007 16:53, Mick wrote:
> > > More about that here:
> > >
> > > "Why TCP over TCP is a Bad Idea"
> > > http://sites.inka.de/sites/bigred/devel/tcp-tcp.html
> >
> > Hmm, that explains why running VCN through ssh gets a bit ropy at
> > times?
>
> Do you mean VNC?

Yes, if only I could type properly!  ;-)

> > So, is port forwarding for browsing and emails through ssh a
> > bad idea then?
>
> No, because with ssh port forwarding you just forward the data coming
> from/going to the application (eg, mailreader) without stacking
> additional protocols (as in, for example, ppp or ip over ssh), for which
> you need some way of forwarding IP-or-lower-level data between
> interfaces (for example, using tun/tap).
> Some programs (like openvpn) overcome the issue by using tcp-over-udp by
> default.

OK.  I don't think I need to run a full VPN.  I just want to securely connect 
to my router at home while I am out & about using public wifi hot spots and 
thereby to be able to connect to the internet using my ISP for browsing & 
email.  The only ports I should need to forward via ssh to the router/server 
are those serving http/https for browsing and 110/995/143/25/587 for email.

If the above assumptions are correct then what sort of a hardware router would 
I need?  (Either a straight off the shelf product, or one with modified 
firmware).

Friends and colleagues often ask me how to achieve this, but all I 
can think is running a PC on the LAN as a server for this purpose - isn't this 
effectively a SOCKS5 server or am I getting mixed up here?

No idea how to achieve the same functionality using the embedded OS of a 
hardware router.

Thank you for your help.
-- 
Regards,
Mick