[DeleGate-En] Re: Tunneling applications using HTTP
Yes the firewall checks that the traffic is HTTP. There is no issue about
violating security policy: The use is for a demo application and the setup
will be done by the firewall people. We want to try to minimize changes to
the firewall (such as opening ports) but instead setup thetunnel server
(remember the tunnel requires software on both sides of the Firewall) and
then remove the servers by wiping the demo machines clean.
Would appreciate if you could clarify your comment that DeleGate could be
setup: If you could send me a samle set of command lines to invoke Delegate
or the control files etc I would really appreciate it.
Please respond to firstname.lastname@example.org
cc: Amit Joshi/LBI/Liberty
Subject: Re: [DeleGate-En] Tunneling applications using HTTP
On 05/13/99(03:49) you email@example.com wrote
|I am trying to use delegate to setup a tunnel across a firewall that only
|What I want to do is the following:
|client <---generic tcp --->delegate <---http--->delegate<---generic
|where the client <-->server protocol is proprietary (actually structures
|sockets) and the http part (between the two delegated processes) passing
|through one or
|more firewalls. This is the classic http tunnel problem.
|I tried various combinations but they don't work. If there is no
|requirement of http in the
|middle then the tcprelay option works.
Do you mean that your firewall checks not only whether the port
number in packets is 80 but also whether the content of a packet
is in the message formats of HTTP protocol?
Even so I think you can configure cascaded DeleGates to tunnel
across such firewall. But I'm not sure whether or not such kind
of usage of DeleGate does not violate a security policy of a network...
Yutaka Sato <firstname.lastname@example.org> http://www.etl.go.jp/~ysato/ @ @
Computer Science Division, Electrotechnical Laboratory ( - )
1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan _< >_