-
Notifications
You must be signed in to change notification settings - Fork 103
/
FAQ
205 lines (152 loc) · 8.75 KB
/
FAQ
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
Q: I'm not real sure what httptunnel can be used for exactly?
A: It's a generic tool for sending data in and out through an HTTP proxy.
This is not very useful in itself, so you must run another program
which uses this data "tunnel". For example, you could use telnet
to log in on a computer outside the proxy.
Q: How do I get this going through a proxy?
A: On the server you must run hts. If I wanted to have port
80 (http) redirect all traffic to port 23 (telnet) then
it would go something like:
hts -F server.test.com:23 80
On the client you would run htc. If you are going through
a proxy, the -P option is needed,otherwise omit it.
htc -P proxy.corp.com:80 -F 22 server.test.com:80
Then telnet localhost and it will redirect the traffic out
to port 80 on the proxy server and on to port 80 of the
server, then to port 23.
Q: httptunnel crashes my SuSE 5.3 box, why?
A: I don't know, but upgrading to 6.0 seems to help.
Q: I'm responsible for network security in our company. My question
is: are there any characteristics of the communication that may be
detected at the proxy?
A: Maybe. I make no guarantees. Use the source.
Q: I wrote 'hts -d /dev/ptyq1' but 'cat </dev/ptyq1' returns an error.
A: Use 'cat </dev/ttyq1' instead.
Q: My friend runs hts at port 8888, but when I try to connect to it,
there is no response.
A: As for now, hts can't handle multiple tunnels. You must run your
own instance of hts listening to another port.
Q: Is there a Windows/95/98/NT version?
A: It's possible to build and run httptunnel in the Cygwin environment.
See http://sourceware.cygnus.com/cygwin/.
Q: Are there binaries of httptunnel for win32(Windows/95/98/NT) anywhere?
A: On the homepage, there is a link to someone maintaining
win32 binaries.
Q: Is there a Macintosh version?
A: Not that I know of.
Q: My firewall requires HTTP user authentication (which is currently
not supported by httptunnel). Do you plan to add something like
that?
A: Yes.
Q: How hard would it be to implement "hts" as a cgi running on a
normal web server?
A: hts can't be called directly from the HTTP server, because hts will
service many connections during the lifetime of the tunnel. If the
HTTP server executed a new instance of hts every time a new request
was made, each new hts wouldn't have access to the prior state of
the tunnel.
However, a CGI proxy which forwards the requests to a normal hts
listening to a port != 80 whould most probably be quite trivial to
implement.
Q: Have you thought of using HTTPS?
A: It has been suggested, but I'd rather avoid all the nasty export
restrictions. You can use external software to get an encrypted
tunnel.
Q: On REMOTE (brugd.ctrl-c.liu.se) I do the following:
hts -F localhost:23 8888
This worked the first time, but never since... now I only get:
hts: couldn't create tunnel
A: The first hts is still running in the background.
Q: On LOCAL (dhcp-XXX.enea.se) I do:
htc -F 2323 -P internwebb/proxy2.pac:8000 brugd.ctrl-c.liu.se:8888
Now, I try:
[root@localhost httptunnel-1.101]# telnet localhost 2323
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
A: [Christian Brideau] http://internwebb/proxy2.pac:8000 is not
exactly the proxy's address. This is the location of the
Proxy-Auto-Configure (PAC) file. This file contains the address of
the proxy server. To discover the real address, just go to an
external web page using a browser and then use netstat to figure
out what address your browser is using.
Q: Why does 'configure' fail on HP-UX?
A: Because you haven't installed gcc. If
CFLAGS=-O ./configure
doesn't work, you must get gcc, or at least an ANSI C compiler.
Q: When I use SSH (or VNC, or <insert other program here>) over GNU
httptunnel, the program locks up after a few minutes (or hours).
When I close the program and attempt to reconnect, SSH times out.
What's wrong?
A: Your httptunnel connection has failed on the client end (possibly
due to network congestion), but the server end has not recognized
that the connection has been lost and won't allow another
connection until the first connection times out. To establish a
more stable tunnel, try experimenting with the various options for
the htc and hts programs. The following settings seem to work
pretty well for me, but your mileage may vary:
hts -S --max-connection-age 20000 -F localhost:22 8890
htc -F 8890 --strict-content-length -B 5k --max-connection-age 2000 \
-P proxy.mycompany.com:8080 10.1.1.1:8890
Q: Okay, I've found some settings that seem to work for me, but I
still get "locked out" on occasion and have to wait for the server
end (hts) to time out. Is there any way to reestablish the tunnel
without waiting for hts to timeout?
A: Set up at least two tunnels. After the first tunnel hangs, connect
to the ffserver machine using SSH (or Telnet if you don't care
about security) and manually kill the instance of the hts server
that is hung and recreate the tunnel by running hts again. Then
you should be able to reconnect to the original tunnel. BE SURE TO
KILL THE TUNNEL THAT IS HUNG UP, NOT THE ONE TO WHICH YOU ARE
CONNECTED! How do you do this? Here is an example of how to do
this on Linux. [On a Windows server, a similar technique should
work, but it may be more difficult to distinguish between separate
instances of hts on Windows because Task Manager only displays the
name of the program (hts) and not the full command that launched
it.]
$ ps aux w|grep hts #Use the 'w' option to see the entire line
#so that you can determine which instance of
#hts to kill depending on the port number.
my_user_name 7268 0.0 0.3 1692 768 ? S Sep24 0:00 hts -S -F localhost:22 8890
my_user_name 7270 0.0 0.2 1692 744 ? S Sep24 0:00 hts -S -F localhost:22 8891
my_user_name 10515 0.0 0.2 1692 720 ? S 15:37 0:00 hts -S -F localhost:22 8889
my_user_name 10549 0.0 0.2 1624 616 pts/2 S 15:40 0:00 grep hts
$ kill 10515 #assuming that the httptunnel on port 8889 is the one
#that has hung up
$ hts -S -F localhost:22 8889 #restart hts with the same options to
#reestablish the tunnel.
Once you have reestablished the tunnel, your existing instance of htc on
the client should be able to reestablish the tunnel without any additional
steps. If in doubt, you could also kill htc on the client and rerun htc,
but I have not generally found that to be necessary.
Q: Why do I keep getting errors like the ones listed below in my
Application Event Log while using htc on Windows? What does "HTTP
error -503" mean?
9/24/2001 2:10:15 PM htc Error None 0 N/A MYPC_NAME The description for
Event ID ( 0 ) in Source ( htc ) cannot be found. The local computer may not
have the necessary registry information or message DLL files to display
messages from a remote computer. The following information is part of the
event: htc : Win32 Process Id = 0x6BC : Cygwin Process Id = 0x6BC : exit
with status = 1.
9/24/2001 2:10:15 PM htc Error None 0 N/A MYPC_NAME The description for
Event ID ( 0 ) in Source ( htc ) cannot be found. The local computer may not
have the necessary registry information or message DLL files to display
messages from a remote computer. The following information is part of the
event: htc : Win32 Process Id = 0x6BC : Cygwin Process Id = 0x6BC : couldn't
open tunnel: I/O error.
9/24/2001 2:10:15 PM htc Error None 0 N/A MYPC_NAME The description for
Event ID ( 0 ) in Source ( htc ) cannot be found. The local computer may not
have the necessary registry information or message DLL files to display
messages from a remote computer. The following information is part of the
event: htc : Win32 Process Id = 0x6BC : Cygwin Process Id = 0x6BC :
http_error_to_errno: HTTP error -503.
9/24/2001 2:10:15 PM htc Error None 0 N/A MYPC_NAME The description for
Event ID ( 0 ) in Source ( htc ) cannot be found. The local computer may not
have the necessary registry information or message DLL files to display
messages from a remote computer. The following information is part of the
event: htc : Win32 Process Id = 0x6BC : Cygwin Process Id = 0x6BC :
tunnel_in_connect: HTTP error 503.
A: HTTP 503 is the standard HTTP error that means "Service
Unavailable." In this case, it means that the htc client cannot
connect to the server. In the example above, the hts program had
not yet been started on their server side, but the same error might
indicate other types of network or server errors.