Article delegate-en/484 of [1-5169] on the server localhost:119
[Reference:<_A478@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Tunneling applications using HTTP
25 May 1999 03:55:01 GMT ysato@etl.go.jp (Yutaka Sato)


On 05/21/99(23:06) you p3yaqbdyi-e6yerocu2xtr.ml@ml.delegate.org wrote
in <_A478@delegate-en.ML_>
 |Yes the firewall checks that the traffic is HTTP. There is no issue about
 |violating security policy: The use is for a demo application and the setup
 |will be done by the firewall people. We want to try to minimize changes to
 |the firewall (such as opening ports) but instead set up the tunnel server

I see.  So my next question is whether or not your firewall passes the
CONNECT method of HTTP.  It can be checked by running a DeleGate server on
(or outside of) the firewall like:

  # delegated -v -P80 RELIABLE=insideHost

then connecting to this DeleGate from an inside host with telnet like:

  % telnet delegateHost 80
  Trying xxx.xxx.xxx.xxx...
  Connected to delegateHost.
  Escape character is '^]'.
  CONNECT wall.etl.go.jp:21 HTTP/1.0

  HTTP/1.0 200 Connection established.

  220- wall.etl.go.jp PROXY-FTP server (DeleGate/5.9.1) ready.
  220-   @ @
  220-  ( - ) { DeleGate/5.9.1 (March 15, 1999) }
  ...

If this is possible in your network environment, you can use this
connection, established by the CONNECT method, for relaying arbitrary
communication between DeleGates.

 [DeleGate on outside (server side) host]
  delegated -P80 RELIABLE=insideHost

 [DeleGate on inside (client side) host]
  delegated -P8080 CONNECT=https SSLTUNNEL=outsideHost:80 
          (and SERVER=http://host for example if necessary)

In truth I'm not sure if this tunneling mechanism of DeleGate
(which uses the CONNECT method, originally aimed at HTTPS/SSL tunneling)
is practical or not.  At least it does not work with
FTP data connections.  If you need to relay FTP, you might be able
to do it by running one more DeleGate (A) on the client side which is
devoted to relaying a DeleGate-DeleGate protocol on the HTTPS/SSL tunnel,
and other DeleGate(s) which use this DeleGate-DeleGate
tunnel (on the HTTPS/SSL tunnel) to relay their own specific protocols (B,C,D).

 [DeleGates on inside (client side) host]
  delegated -P8888 CONNECT=https SSLTUNNEL=outsideHost:80 \           (A)
            SERVER=tcprelay://outsideHost:80
  delegated -P8080 CONNECT=master MASTER=localhost:8888 SERVER=http   (B)
  delegated -P8021 CONNECT=master MASTER=localhost:8888 SERVER=ftp    (C)
  delegated -P8083 CONNECT=master MASTER=localhost:8888 SERVER=telnet (D)
  ...

Cheers,
Yutaka
--
Yutaka Sato <ysato@etl.go.jp> http://www.etl.go.jp/~ysato/   @ @ 
Computer Science Division, Electrotechnical Laboratory      ( - )
1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan            _<   >_
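
The telnet check from the message above, scripted so the firewall people can record the result for each target; this is an added example, not part of the original post and not DeleGate code. The function names are hypothetical, and `_stub_proxy` is a constructed local stand-in for the outside DeleGate so the check can be exercised offline.

```python
import socket
import threading

def parse_connect_reply(data):
    """Split a reply to CONNECT into (status_code, reason, bytes_after_headers)."""
    head, sep, rest = data.partition(b"\r\n\r\n")
    if not sep:  # tolerate bare-LF header terminators
        head, sep, rest = data.partition(b"\n\n")
    status_line = head.splitlines()[0].decode("latin-1") if head else ""
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return None, status_line, b""  # not an HTTP status line: dropped or rewritten
    return int(parts[1]), parts[2] if len(parts) > 2 else "", rest

def probe_connect(proxy_host, proxy_port, target, timeout=5.0):
    """Send 'CONNECT target HTTP/1.0' as in the telnet session and report the outcome."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(f"CONNECT {target} HTTP/1.0\r\n\r\n".encode("ascii"))
        data = b""
        try:
            while b"\r\n\r\n" not in data and len(data) < 65536:
                chunk = s.recv(4096)
                if not chunk:  # peer closed without completing the headers
                    break
                data += chunk
        except socket.timeout:
            pass  # silence is reported as "no HTTP reply" below
    code, reason, banner = parse_connect_reply(data)
    passed = code is not None and 200 <= code < 300
    return {"passed": passed, "status": code, "reason": reason, "banner": banner}

def _stub_proxy(reply):
    """Constructed stand-in for the outside DeleGate: answers one connection with `reply`."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)      # consume the CONNECT request
            conn.sendall(reply)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo(reply):
    """Run the probe against the stub; wall.etl.go.jp:21 is the target used in the post."""
    return probe_connect("127.0.0.1", _stub_proxy(reply), "wall.etl.go.jp:21")
```

Against a real setup, call `probe_connect("delegateHost", 80, "wall.etl.go.jp:21")` from the inside host; a `passed` value of `False` with a 4xx status or no status at all means the firewall or proxy does not relay CONNECT to that target.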
