File: desproxy.1

package info (click to toggle)
desproxy 0.1.0~pre3-1
links: PTS, VCS
area: main
in suites: lenny
size: 400 kB
ctags: 167
sloc: ansic: 1,749; makefile: 135; sh: 43
file content (435 lines) | stat: -rw-r--r-- 15,442 bytes
.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.if \nF \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    nr % 0
.    rr F
.\}
.\"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "desproxy 1"
.TH desproxy 1 "2008-01-29" "desproxy" "2008-01-29"
.SH "NAME"
desproxy \- a TCP tunnel for HTTP proxies
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\&  desproxy remote_host remote_port proxy_host proxy_port local_port
.Ve
.SH "OPTIONS"
.IX Header "OPTIONS"
None.
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\s-1HTTP\s0 proxies are network servers that are used to give \s-1HTTP\s0 (web)
access to computers that are not connected to the Internet. This is a
typical scenario in corporate networks and recently in home networks
too. \s-1HTTP\s0 proxies connect to the Internet either directly or via a
parent proxy (which in fact connects to the Internet directly or via
another parent proxy, and so on...)
.PP
\&\s-1HTTP\s0 clients (web browsers) use \s-1HTTP\s0 proxies to request web pages; the
\&\s-1HTTP\s0 server just forwards those request to the destination server. All
the negotiation is done via the \s-1HTTP\s0 protocol, which is designed just
to carry \s-1HTTP\s0 requests and no generic (\s-1TCP/IP\s0) traffic. That is why you
can't (normally) use Internet applications beside your web server if
you are behind a \s-1HTTP\s0 proxy.
.PP
That is what desproxy is good for. Desproxy is a \s-1TCP\s0 tunnel, which
means desproxy can forward \s-1TCP/IP\s0 traffic via a \s-1HTTP\s0 proxy. Desproxy
uses a \s-1HTTP/1\s0.1 method (\s-1CONNECT\s0) to establish \s-1TCP/IP\s0 connections on
demand. \s-1CONNECT\s0 is used for \s-1SSL\s0 connections when accessing to secure
sites, so if you can access sites that support \s-1SSL\s0 (www.hotmail.com for
example) you can use desproxy.
.PP
Not all \s-1IP\s0 (Internet) traffic is just \s-1TCP/IP\s0. In fact there are two
more protocols widely used in the Internet not supported by desproxy:
\&\s-1UDP\s0 and \s-1ICMP:\s0
.IP "\(bu" 4
\&\s-1ICMP\s0 is used to manage large \s-1IP\s0 networks. The only application using
\&\s-1ICMP\s0 you may miss is ping.
.IP "\(bu" 4
\&\s-1UDP\s0 is an unreliable connection-less fast transport protocol,
mostly used in network games and other applications that need low
latency network traffic. Notably \s-1DNS\s0 uses \s-1UDP\s0 packets for fast
delivery.
.Sh "Will desproxy work with my \s-1HTTP\s0 proxy?"
.IX Subsection "Will desproxy work with my HTTP proxy?"
Short answer: just give it a try
.PP
Long answer: desproxy should work with every \s-1HTTP\s0 proxy, with the
following exceptions:
.IP "\(bu" 4
\&\s-1MS\s0 Proxies with \s-1NTLM\s0 authentication. \s-1NTLM\s0 is a proprietary
authentication method from Microsoft, not a standard authentication
method. Maybe in the future desproxy will support \s-1NTLM\s0
authentication, but currently it doesn't.
.IP "\(bu" 4
\&\s-1HTTP/1\s0.0 Proxies. Desproxy needs the \s-1CONNECT\s0 method, which is only
available from \s-1HTTP/1\s0.1 protocol version. It's very unlikely your
proxy doesn't accept \s-1HTTP/1\s0.1 requests.
.IP "\(bu" 4
\&\s-1HTTP/1\s0.1 Proxies without the \s-1CONNECT\s0 method. Maybe your network
administrator deactivated \s-1CONNECT\s0 support in the proxy, or maybe
\&\s-1CONNECT\s0 is restricted to the \s-1HTTPS\s0 port (443).
.Sh "Assumptions"
.IX Subsection "Assumptions"
Let's assume the following:
.IP "\(bu" 4
your \s-1HTTP\s0 proxy host name is \*(L"proxy\*(R" and its address is \*(L"192.0.0.1\*(R"
.IP "\(bu" 4
your \s-1HTTP\s0 proxy port is \*(L"8080\*(R"
.IP "\(bu" 4
your \s-1HTTP\s0 proxy doesn't need authentication. It case you need \s-1HTTP\s0
authentication, please read [2]this.
.IP "\(bu" 4
your system console will be a terminal (xterm, the console or a
virtual terminal) if you are running Linux, *BSD or other UN*X
.Sh "About connections"
.IX Subsection "About connections"
Imagine you need a network application that uses only one \s-1TCP/IP\s0
connection with just one server. That's the case of \s-1IRC\s0 in which you
connect to an \s-1IRC\s0 server or ssh where you tipically connect just to one
\&\s-1UNIX\s0 computer at a time. That's what I called a \*(L"static connection\*(R".
.PP
Of course that's not the case of a web browser or a file sharing
program, both of them doing several connections at a time to different
computers. That's what I call \*(L"dynamic connections\*(R".
.SH "STATIC CONNECTIONS EXAMPLES"
.IX Header "STATIC CONNECTIONS EXAMPLES"
.Sh "item How to use desproxy to connect to \s-1IRC\s0"
.IX Subsection "item How to use desproxy to connect to IRC"
Suppose you want to connect to \s-1IRC\s0 using irc.undernet.org port 6667 as
your \s-1IRC\s0 server. First you have to start a system console (see
Assumptions above for details) and type
.PP
.Vb 1
\&    desproxy irc.undernet.org 6667 proxy 8080 1080
.Ve
.PP
That should start desproxy, giving you the copyright notice along with
some information. The following is a screen capture from desproxy
0.0.23
.PP
.Vb 2
\&    \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
\&    desproxy                     0.0.23
.Ve
.PP
.Vb 1
\&    (c) Miguelanxo Otero Salgueiro 2001
.Ve
.PP
.Vb 2
\&    This release brought to you patched
\&    by Rutger Nijlunsig.
.Ve
.PP
.Vb 2
\&    See RutgerWork.txt in documentation
\&    for details about new features.
.Ve
.PP
.Vb 4
\&    Great work guy!
\&    \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
\&    TCP port 1080 Binded & Listening
\&    Press ENTER to Quit
.Ve
.PP
Desproxy reports it is listening in local port 1080 ready for a
connection.
.PP
Open your favourite \s-1IRC\s0 client (install it first ;D) and connect to
127.0.0.1 port 1080 as your irc server (127.0.0.1 is a virtual \s-1IP\s0,
always referencing to your local machine). Then, your \s-1IRC\s0 client should
connect to desproxy. It looks like
.PP
.Vb 3
\&    Connection request from 127.0.0.1, port 1220
\&    Connecting to http proxy (proxy:8080)
\&    Bidirectional connection established
.Ve
.PP
Then you should be able to use your \s-1IRC\s0 client as if you were directly
connected to irc.undernet.org.
.Sh "How to use desproxy to log in a computer using ssh"
.IX Subsection "How to use desproxy to log in a computer using ssh"
Suppose you have a shell account in a computer that supports secure
connections via ssh. Let's assume it's called shell.corporate.com. \s-1SSH\s0
uses port number 22 by default. So start a new system console and type:
.PP
.Vb 1
\&   desproxy shell.corporate.com 22 proxy 8080 1080
.Ve
.PP
Then, tell your ssh client to connect to localhost (127.0.0.1) port
1080 and you should get a ssh password prompt!
.Sh "How to use desproxy to use other static clients"
.IX Subsection "How to use desproxy to use other static clients"
Let's assume you want to use network application X, which doesn't
support \s-1HTTP\s0 proxies but use one \s-1TCP/IP\s0 connection (like \s-1IRC\s0 and \s-1SSH\s0).
To make X work with desproxy, you just have to 1) Search for the
default port of that application 2) Search for the default server of
that application and 3) Start desproxy, passing that info as command
line parameters. Format is
.PP
.Vb 1
\&    desproxy remote_host remote_port proxy_host proxy_port local_port
.Ve
.PP
Just give a local_port of your desire, but always over 1023, cause
lower ports may need administrator privileges.
.Sh "About \s-1HTTP\s0 Authentication"
.IX Subsection "About HTTP Authentication"
Some \s-1HTTP\s0 proxies need for security reasons a method of checking
client's identity. That's called \s-1HTTP\s0 authentication (or \s-1HTTP\s0
authorization).
.PP
Despoxy now supports Basic \s-1HTTP\s0 authentication. If your proxy needs
other kind of authentication (either Digest or \s-1NTLM\s0) desproxy won't
work.
.PP
For desproxy to work with a \s-1HTTP\s0 proxy that needs authentication, you
have to tell desproxy which username and password to use. Desproxy
reads the environment variable \s-1PROXY_USER\s0 to get that info.
.PP
Suppose your proxy username is \*(L"mayka\*(R" and your proxy password is
\&\*(L"007sgotLTK\*(R". Then, before using any of the desproxy programs you
should type this in your system console:
.PP
.Vb 1
\&    set PROXY_USER=mayka:007sgotLTK
.Ve
.PP
Beware passwords can include some characters that should be escaped
from the system console. For example, if your password is \*(L"moon!=sun\*(R",
and you are running Linux, you should type
.PP
.Vb 1
\&    export PROXY_USER=yourusername:moon\e!\e=sun
.Ve
.PP
Note characters \*(L"!\*(R" and \*(L"=\*(R" are escaped using the backslash \*(L"\e\*(R". If you
are running \s-1MS\s0 Windows, as long as I know, you don't have to escape any
valid password character.
.PP
head1 Troubleshooting
.PP
A normal desproxy session looks like this:
.PP
.Vb 1
\&    $ desproxy 127.0.0.1 21 127.0.0.1 4480 2222
.Ve
.PP
.Vb 2
\&    \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
\&    desproxy                  <version>
.Ve
.PP
.Vb 3
\&    HTTP/1.1
\&    (c) Miguelanxo Otero Salgueiro 2001
\&    \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
.Ve
.PP
.Vb 6
\&    Listening on port 2222
\&    Connection request from 127.0.0.1, port 1227
\&    Connecting to http proxy (127.0.0.1:4480)
\&    Bidirectional connection stablished
\&    (127.0.0.1:21) <\-> (localhost)
\&    End of connection.
.Ve
.PP
Here, a connection to local ftp server (127.0.0.1:21) is made by using local
proxy (127.0.0.1:4480). You can see how, after the connection is
accepted, desproxy connected to the proxy, interchanged some bytes (a
\&\s-1FTP\s0 session) and terminates the connection.
.PP
Desproxy is quite self explanatory about errors. Desproxy-inetd is far
more obscure, because the way inetd uses it (can't print error
messages) to the console.
.PP
Basically there are two kind of errors:
.IP "\(bu" 4
Errors reported when connecting to the proxy: the http page showing
the error is displayed.
.IP "\(bu" 4
Every other error: a short error message is displayed.
.PP
Some common \s-1HTTP\s0 errors (as reported by the proxy)
.PP
.Vb 13
\&     * HTTP 400 Bad Request \- Some versions of desproxy (0.0.21) cause
\&       this error (FATAL)
\&     * HTTP 403 Forbidden \- Forbidden to do that (FATAL)
\&     * HTTP 404 Not Found \- Page not found, or resource not found (MINOR)
\&     * HTTP 405 Method not Allowed \- Can\(aqt do CONNECT method (FATAL)
\&     * HTTP 500 Internal Server Error \- Maybe you\(aqre trying to connect to
\&       a remote closed port (remote site reported connection refused)
\&       (MINOR)
\&     * HTTP 503 Service Unavailable \-> The proxy can\(aqt reach the site
\&       (MINOR)
\&     * HTTP 505 HTTP Version Not Supported \- CONNECT method not available
\&       (FATAL)
\&     * HTTP 502 Bad Gateway \- Stands for "DNS lookup error" (MINOR)
.Ve
.PP
(\s-1FATAL\s0) \- Forget about using desproxy, you can't surpass the proxy.
(\s-1TODO\s0) \- To do, not yet implemented.
(\s-1MINOR\s0) \- Temporary fault or maybe your fault.
.SH "ENVIRONMENT"
.IX Header "ENVIRONMENT"
.IP "\s-1PROXY_USER\s0" 4
.IX Item "PROXY_USER"
An example:
.Sp
.Vb 1
\&   PROXY_USER=mayka:007sgotLTK
.Ve
.Sp
Beware passwords can include some characters that should be escaped
from the system console. For example, if your password is \*(L"moon!=sun\*(R",
and you are running Linux, you should type
.IP "\s-1PROXY_USER\s0" 4
.IX Item "PROXY_USER"
An example:
.Sp
.Vb 1
\&    PROXY_USER=yourusername:moon\e!\e=sun
.Ve
.Sp
Note characters \*(L"!\*(R" and \*(L"=\*(R" are escaped using the backslash \*(L"\e\*(R".
.SH "FILES"
.IX Header "FILES"
None.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdnsproxy\-dns\fR\|(1), \fIdnsproxy\-inetd\fR\|(1), \fIdnsproxy\-socksserver\fR\|(1), \fIconnect\fR\|(1)
.SH "AUTHORS"
.IX Header "AUTHORS"
This manual page was written by Jari Aalto <jari.aalto@cante.net>, for
the Debian \s-1GNU\s0 system (but may be used by others). Released under
license \s-1GPL\s0 v2 or, at your option, any later version.