I'm running my client from a location where only ports 80 and 443 are open
and can only carry http traffic.  My server cannot listen on port 80, my ISP
blocks port 80.  So, the only common denominator I have between my
client (job) and server (home) is port 443.  I need to run both web and
telnet-ish (vnc) services.  Hence, I need the tunnel through the httpd server.

I'll look into tcprelay.
Thanks,

Jim


"Ian Holsman" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
have you thought of just opening a dedicated SSH port?
or using a program like tcprelay on your firewall?

I'm sure you've got your system admin's blessing on doing this, so
these two options shouldn't be too much of a drama
(seeing how he's willing for you to tunnel over http anyway)

if you haven't, just install a reverse telnet/ssh session on your
destination.

On 06/03/2004, at 9:38 AM, Jim Duda wrote:

> Chris,
>
> Thanks. I installed the patch which you suggested. The
> tunnel now works. The performance is sluggish though.
> I'm sure it's caused by all the overhead of the GET and POST
> operations.
>
> Do you suspect the alternate suggestion might help the performance?
>
> Jim
>
> "Conti, Chris" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > If you refer to BUG 19954:
> > http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19954
> > This looks like the issue I was trying to patch. In the current 2.x
> > codebase, the reverse proxy will effectively cache traffic until it has
> > 8000 bytes to send. According to Jeff Trawick, the caching effect is not an
> > intended behavior, rather it is a network optimization that just happens to
> > break tunneling of non-http traffic.
> >
> > I've been swamped at work for the last few months, and have not had time yet
> > to rework my proposed patch based on the feedback in the bugzilla report;
> > but I believe the patch as proposed will solve your immediate issue. Of
> > course, feel free to rework the patch if you feel up to it!
> >
> >
> > ---------------------------------------------------------
> > Chris Conti
> > mailto://[EMAIL PROTECTED]
> > mailto://[EMAIL PROTECTED]
> >
> > If at first you do succeed, try not to look astonished.
> >
> >
> > -----Original Message-----
> > From: Jim Duda [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, March 04, 2004 9:41 PM
> > To: [EMAIL PROTECTED]
> > Subject: reverseproxy using httptunnel
> >
> > I'm trying to use GNU httptunnel
> > (http://www.nocrew.org/software/httptunnel.html)
> > behind apache using the reverseproxy feature. Apache version 2.0.48
> >
> > I have reverseproxy working, as I have another machine behind apache using
> > this feature serving up html pages properly. Works great.
> >
> > I have apache running on my firewall. I only have 1 single common port
> > between my firewall and my client. I only have port 443 to work with.
> > I'm using port 443 with basic http. I need apache to serve web pages, but
> > I also need other non-web services. At first, I just want to get a telnet
> > client working, but hope to migrate to ssh later. I'm aware of the security
> > issues this imposes. My firewall is set up to only allow a client connection
> > on port 443 from the allowable location.
> >
> > My httpd.conf has the following - among other things (-:
> >
> > Listen 443
> > <VirtualHost *>
> > ServerName <myserver>.com
> > ProxyPass / http://localhost:8888/
> > ProxyPassReverse / http://localhost:8888/
> > </VirtualHost>
> >
> > I run the httptunnel server on the firewall machine.
> > hts -F localhost:23
> >
> > I run the httptunnel client on the client side.
> > htc -F localhost:8000 <myserver>.com:443
> >
> > On the client, I issue:
> > telnet localhost 8000.
> >
> > On the server, I've used ethereal to watch the traffic.
> > I see the client open a connection with apache on 443.
> > I see apache open a connection with the hts server on port 8888.
> > I see the hts server open a connection on port 23.
> > I see the client send a POST and GET through apache to the httptunnel server
> > on port 8888.
> > The telnet port sends stuff to the httptunnel server port.
> >
> > The httptunnel server responds to the GET command with
> > 15 bytes using 3 separate TCP packets back to the apache server.
> >
> > 0 (0000 02 .)
> > putline
> > 0 (0000 00 0c ..)
> > putline
> > 0 (0000 ff fd 18 ff fd 20 ff fd 23 ff fd 27 ..... ..#..')
> > putline
> >
> > I believe these 15 bytes are the beginning of the telnet negotiation.
> >
> > I never see the 15 bytes come out of the apache server on the other side of
> > the firewall towards the client. The client side is stopped waiting for a
> > response.
> >
> > I've turned on apache debugging and then used the printf debugging approach
> > and found I'm stuck inside proxy_http.
> >
> > I get the debug message
> > "proxy: start body send" in logs/error_log
> >
> > I'm stuck in proxy_http.c, line 928
> > while (ap_get_brigade(rp->input_filters,
> >                       bb,
> >                       AP_MODE_READBYTES,
> >                       APR_BLOCK_READ,
> >                       conf->io_buffer_size) == APR_SUCCESS)
> > {
> >
> > The ap_get_brigade function never returns, and I'm stuck here.
> >
> > I get through this loop three times, before the httptunnel stops sending
> > data, then I'm stuck. The client needs to receive these bytes and transmit
> > to the server again before the server will send any more data.
> >
> > Is what I'm attempting completely wacked?
> >
> > Can anyone offer any pointers on what to look for next?
> >
> > I will continue to debug further.
> >
> > Thanks,
> >
> > Jim
> >
>
--
Ian Holsman
Director
Network Management Systems
CNET Networks
PH: (61) 3-9857-3742 (Australia)/ 415-344-2608 (USA)
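
The stall described in the quoted messages can be reproduced with a small relay model. This is an added example, not code from the thread, from Apache, or from the patch attached to bug 19954; the names `relay`, `demo` and `MIN_BYTES_TO_WRITE` are hypothetical, the byte strings are constructed from the hex dump in the post, and flushing before a blocking read is shown only as one illustrative remedy.

```python
import select
import socket

MIN_BYTES_TO_WRITE = 8000  # buffering threshold quoted in the thread
# Constructed from the hex dump in the post: three writes, 15 bytes in total.
BACKEND_WRITES = [bytes.fromhex("02"), bytes.fromhex("000c"),
                  bytes.fromhex("fffd18fffd20fffd23fffd27")]

def relay(backend, client, flush_before_blocking, stall_after=0.2):
    """Copy backend -> client; return (bytes delivered, bytes stuck in buffer)."""
    pending, delivered = bytearray(), 0
    while True:
        if not select.select([backend], [], [], 0)[0]:
            # Nothing more to read right now: the relay is about to block.
            if flush_before_blocking and pending:
                client.sendall(pending)
                delivered += len(pending)
                pending.clear()
            # A real proxy would block here forever; give up after stall_after.
            if not select.select([backend], [], [], stall_after)[0]:
                return delivered, len(pending)
        chunk = backend.recv(4096)
        if not chunk:                      # backend closed: drain the buffer
            client.sendall(pending)
            return delivered + len(pending), 0
        pending += chunk
        if len(pending) >= MIN_BYTES_TO_WRITE:
            client.sendall(pending)
            delivered += len(pending)
            pending.clear()

def demo(flush_before_blocking):
    """Run one exchange; return relay()'s result and what the client received."""
    backend_app, backend_proxy = socket.socketpair()
    client_proxy, client_app = socket.socketpair()
    try:
        for part in BACKEND_WRITES:        # backend speaks first, then waits
            backend_app.sendall(part)
        result = relay(backend_proxy, client_proxy, flush_before_blocking)
        ready = select.select([client_app], [], [], 0)[0]
        seen = client_app.recv(4096) if ready else b""
        return result, seen
    finally:
        for s in (backend_app, backend_proxy, client_proxy, client_app):
            s.close()

if __name__ == "__main__":
    print("buffer until 8000 bytes:", demo(False))
    print("flush before blocking:  ", demo(True))
```

With buffering only, all 15 bytes stay in the relay and the client sees nothing, which matches the hang reported in the original message; with the flush, the client receives them and the exchange can continue.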



