Re: IP over HTTP?

From: Oliver Fromme <olli_at_lurza.secnetix.de>
Date: Thu, 16 Aug 2007 13:22:39 +0200 (CEST)
Kris Kennaway wrote:
 > Randall Stewart wrote:
 > > Julian Elischer wrote:
 > > > Kip Macy wrote:
 > > > > Randall Stewart wrote:
 > > > > > [IP over HTTP]
 > > > > > Just curious.. as anyone did this on BSD?
 > > > > 
 > > > > I can guess. I believe there is an IPoDNS netgraph module floating
 > > > > around that *might* make a good reference.
 > > > 
 > > > hmm  OMG
 > > > /usr/ports/net/iodine  !!
 > > 
 > > Perfect...
 > > 
 > > With some hacking I can use this as a starting point to make
 > > it run over web..
 > 
 > You mean like www/httptunnel? :)
 > 
 > Basically all you need is a method of bidirectionally passing data
 > over whatever lower layer you want, then you can run ppp(8) over it.

Or use ssh(1)'s -w option on top of www/httptunnel to
forward a tun(4) interface through the http connection.
It's dead easy.

You can even set up a http tunnel with tools from the
base system only, without needing anything from the ports
collection.  Just add this line to your ssh config:

ProxyCommand /usr/bin/nc -X connect -x $PN:$PP %h %p

where $PN is the proxy name and $PP is the proxy port.
The use this command to establish an IP tunnel to
$REMOTE_HOST (port 22):

ssh -w any:any $REMOTE_HOST

Or, if a different port $SSH_PORT is used:

ssh -w any:any -p $SSH_PORT $REMOTE_HOST

It will allocate one tun(4) device locally and one remote,
which you then can configure with ifconfig(8).  Requires
root priviledges, of course.

Note, however, that some HTTP proxies are configured to
disallow connections to arbitrary ports, for security
reasons.  If that's the case for you, run you sshd server
on port 443 wich should always be allowed by proxies
(only possible if you don't already run a HTTPS server
on port 443, of course).  Note that you can have multiple
"port" commands in your sshd_config, i.e. you can run your
sshd server on both the standard port 22 and port 443.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

"Python tricks" is a tough one, cuz the language is so clean. E.g.,
C makes an art of confusing pointers with arrays and strings, which
leads to lotsa neat pointer tricks; APL mistakes everything for an
array, leading to neat one-liners; and Perl confuses everything
period, making each line a joyous adventure <wink>.
        -- Tim Peters
Received on Thu Aug 16 2007 - 09:22:59 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:16 UTC