Article delegate-en/478 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Tunneling applications using HTTP
21 May 1999 14:06:57 GMT

Yes, the firewall checks that the traffic is HTTP. There is no issue about
violating security policy: the use is for a demo application and the setup
will be done by the firewall people. We want to try to minimize changes to
the firewall (such as opening ports) but instead set up the tunnel server
(remember the tunnel requires software on both sides of the firewall) and
then remove the servers by wiping the demo machines clean.

Would appreciate if you could clarify your comment that DeleGate could be
set up: if you could send me a sample set of command lines to invoke DeleGate
or the control files etc. I would really appreciate it.


Amit Joshi

ysato/55:41 AM

Please respond to

cc:   Amit Joshi/LBI/Liberty
Subject:  Re: [DeleGate-En] Tunneling applications using HTTP

On 05/13/99(03:49) you wrote
in <_A445@delegate-en.ML_>
 |I am trying to use delegate to setup a tunnel across a firewall that only
 |permits http.
 |What I want to do is the following:
 |client <---generic tcp --->delegate <---http--->delegate<---generic
 |where the client <-->server protocol is proprietary (actually structures
 |passed over sockets) and the http part (between the two delegated processes)
 |passing through one or more firewalls. This is the classic http tunnel problem.
 |I tried various combinations but they don't work. If there is no
 |requirement of http in the middle then the tcprelay option works.
Do you mean that your firewall checks not only whether the port
number in packets is 80 but also whether the content of a packet
is in the message formats of the HTTP protocol?
Even so I think you can configure cascaded DeleGates to tunnel
across such a firewall.  But I'm not sure whether or not such a kind
of usage of DeleGate does not violate a security policy of a network...
Yutaka Sato <>   @ @
Computer Science Division, Electrotechnical Laboratory      ( - )
1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan            _<   >_
