I wrote a very well self-documented script
to pierce firewalls, fwprc 0.1,
available from my site
http://www.tunes.org/~fare/files/.
I tested it in several settings, by configuring it through resource files.
But of course, by Murphy's law, it will break for you.
The name is voluntarily made unreadable and unpronounceable, so that it will confuse the incompetent paranoid sysadm who might be the cause of the firewall that annoys you (of course, there can be legitimate firewalls, too). If you must read it aloud, choose the worst way you can imagine.
CONTEST! CONTEST! Send me an audio file with a digital audio recording of how you pronounce "fwprc". Worst entry will win a free upgrade and his name on the fwprc 0.2 page!
fwprc can be customized through a file .fwprcrc
meant to be the same on both sides of the firewall.
Having several alternate configurations to choose from is sure possible
(for instance, I do it),
and is left as an exercise to the reader.
To begin with, copy the appropriate section of fwprc
(the previous to last) into a file named .fwprcrc
in your home directory.
Then replace variable values with stuff that fits your configuration.
Finally, copy to the other host, and test.
Default behavior is to use pppd locally, and slirp remotely.
To modify that, you can redefine the appropriate function
in your .fwprcrc with such a line as:
remote_IP_emu () { remote_pppd }