Q: I'm not real sure what httptunnel can be used for exactly?
A: It's a generic tool for sending data in and out through an HTTP proxy.
This is not very useful in itself, so you must run another program
which uses this data "tunnel". For example, you could use telnet
to log in on a computer outside the proxy.
Q: How do I get this going through a proxy?
A: On the server you must run hts. If I wanted to have port
80 (http) redirect all traffic to port 23 (telnet) then
it would go something like:
    hts -F server.test.com:23 80
On the client you would run htc. If you are going through
a proxy, the -P option is needed; otherwise omit it.
    htc -P proxy.corp.com:80 -F 22 server.test.com:80
Then telnet to localhost port 22 (the port given to -F) and it
will redirect the traffic out to port 80 on the proxy server and
on to port 80 of the server, then to port 23.
Q: httptunnel crashes my SuSE 5.3 box, why?
A: I don't know, but upgrading to 6.0 seems to help.
Q: I'm responsible for network security in our company. My question
is: are there any characteristics of the communication that may be
detected at the proxy?
A: Maybe. I make no guarantees. Use the source.
Q: I wrote 'hts -d /dev/ptyq1' but 'cat </dev/ptyq1' returns an error.
A: Use 'cat </dev/ttyq1' instead.
Q: My friend runs hts at port 8888, but when I try to connect to it,
there is no response.
A: As for now, hts can't handle multiple tunnels. You must run your
own instance of hts listening to another port.
Q: Is there a Windows/95/98/NT version?
A: It's possible to build and run httptunnel in the Cygwin environment.
See http://sourceware.cygnus.com/cygwin/.
Q: Are there binaries of httptunnel for win32(Windows/95/98/NT) anywhere?
A: On the homepage, there is a link to someone maintaining
win32 binaries.
Q: Is there a Macintosh version?
A: Not that I know of.
Q: My firewall requires HTTP user authentication (which is currently
not supported by httptunnel). Do you plan to add something like
that?
A: Yes.
Q: How hard would it be to implement "hts" as a cgi running on a
normal web server?
A: hts can't be called directly from the HTTP server, because hts will
service many connections during the lifetime of the tunnel. If the
HTTP server executed a new instance of hts every time a new request
was made, each new hts wouldn't have access to the prior state of
the tunnel.
However, a CGI proxy which forwards the requests to a normal hts
listening to a port != 80 would most probably be quite trivial to
implement.
Q: Have you thought of using HTTPS?
A: It has been suggested, but I'd rather avoid all the nasty export
restrictions. You can use external software to get an encrypted
tunnel.
Q: On REMOTE (brugd.ctrl-c.liu.se) I do the following:
    hts -F localhost:23 8888
This worked the first time, but never since... now I only get:
    hts: couldn't create tunnel
A: The first hts is still running in the background.
Q: On LOCAL (dhcp-XXX.enea.se) I do:
    htc -F 2323 -P internwebb/proxy2.pac:8000 brugd.ctrl-c.liu.se:8888
Now, I try:
    [root@localhost httptunnel-1.101]# telnet localhost 2323
    Trying 127.0.0.1...
    telnet: Unable to connect to remote host: Connection refused
A: [Christian Brideau] http://internwebb/proxy2.pac:8000 is not
exactly the proxy's address. This is the location of the
Proxy-Auto-Configure (PAC) file. This file contains the address of
the proxy server. To discover the real address, just go to an
external web page using a browser and then use netstat to figure
out what address your browser is using.
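An added example (not from the httptunnel authors) that reads the proxy address out of a PAC file's text and checks that a value has the host:port form shown for htc -P above. The function names and the sample PAC contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: a PAC file is JavaScript whose FindProxyForURL() returns
# strings such as "PROXY host:port; DIRECT". The host:port inside those
# strings is what belongs after htc -P, not the location of the PAC file.

# Constructed PAC contents; the host name and port are placeholders.
SAMPLE_PAC='function FindProxyForURL(url, host) {
    if (isPlainHostName(host)) return "DIRECT";
    return "PROXY proxy.example.com:8080; DIRECT";
}'

# pac_proxies: read PAC text on stdin and print every host:port named in a
# PROXY directive, one per line, without duplicates.
pac_proxies() {
    grep -oE 'PROXY[[:space:]]+[A-Za-z0-9.-]+:[0-9]+' |
        sed -E 's/^PROXY[[:space:]]+//' | sort -u
}

# valid_proxy_arg ARG: succeed only if ARG is a bare host:port. A PAC
# location such as internwebb/proxy2.pac:8000 contains a path and fails.
valid_proxy_arg() {
    printf '%s\n' "$1" | grep -qE '^[A-Za-z0-9.-]+:[0-9]+$'
}
```

Feed it a saved copy of the PAC file, for example `pac_proxies < proxy2.pac`; a PAC file may name several proxies, so any of the printed values is a candidate.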
Q: Why does 'configure' fail on HP-UX?
A: Because you haven't installed gcc. If
    CFLAGS=-O ./configure
doesn't work, you must get gcc, or at least an ANSI C compiler.
Q: When I use SSH (or VNC, or <insert other program here>) over GNU
httptunnel, the program locks up after a few minutes (or hours).
When I close the program and attempt to reconnect, SSH times out.
What's wrong?
A: Your httptunnel connection has failed on the client end (possibly
due to network congestion), but the server end has not recognized
that the connection has been lost and won't allow another
connection until the first connection times out. To establish a
more stable tunnel, try experimenting with the various options for
the htc and hts programs. The following settings seem to work
pretty well for me, but your mileage may vary:
    hts -S --max-connection-age 20000 -F localhost:22 8890
    htc -F 8890 --strict-content-length -B 5k --max-connection-age 2000 \
        -P proxy.mycompany.com:8080 10.1.1.1:8890
Q: Okay, I've found some settings that seem to work for me, but I
still get "locked out" on occasion and have to wait for the server
end (hts) to time out. Is there any way to reestablish the tunnel
without waiting for hts to time out?
A: Set up at least two tunnels. After the first tunnel hangs, connect
to the server machine using SSH (or Telnet if you don't care
about security) and manually kill the instance of the hts server
that is hung and recreate the tunnel by running hts again. Then
you should be able to reconnect to the original tunnel. BE SURE TO
KILL THE TUNNEL THAT IS HUNG UP, NOT THE ONE TO WHICH YOU ARE
CONNECTED! How do you do this? Here is an example of how to do
this on Linux. [On a Windows server, a similar technique should
work, but it may be more difficult to distinguish between separate
instances of hts on Windows because Task Manager only displays the
name of the program (hts) and not the full command that launched
it.]
    $ ps aux w|grep hts   # Use the 'w' option to see the entire line
                          # so that you can determine which instance of
                          # hts to kill depending on the port number.
    my_user_name 7268 0.0 0.3 1692 768 ? S Sep24 0:00 hts -S -F localhost:22 8890
    my_user_name 7270 0.0 0.2 1692 744 ? S Sep24 0:00 hts -S -F localhost:22 8891
    my_user_name 10515 0.0 0.2 1692 720 ? S 15:37 0:00 hts -S -F localhost:22 8889
    my_user_name 10549 0.0 0.2 1624 616 pts/2 S 15:40 0:00 grep hts
    $ kill 10515   # assuming that the httptunnel on port 8889 is the one
                   # that has hung up
    $ hts -S -F localhost:22 8889   # restart hts with the same options to
                                    # reestablish the tunnel.
Once you have reestablished the tunnel, your existing instance of htc on
the client should be able to reestablish the tunnel without any additional
steps. If in doubt, you could also kill htc on the client and rerun htc,
but I have not generally found that to be necessary.
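The kill-and-restart steps above as a small script, added here as an example and not part of the httptunnel distribution: it selects the hts PID by listening port and refuses to act on the tunnel you are connected through. The function names are hypothetical, and it assumes `ps aux` prints the command starting at the 11th column, as in the listing above.

```shell
#!/bin/sh
# Added example: find the hts instance for one port and restart only that one.

# Constructed sample, modelled on the ps listing in the answer above.
SAMPLE_PS='my_user_name 7268 0.0 0.3 1692 768 ? S Sep24 0:00 hts -S -F localhost:22 8890
my_user_name 7270 0.0 0.2 1692 744 ? S Sep24 0:00 hts -S -F localhost:22 8891
my_user_name 10515 0.0 0.2 1692 720 ? S 15:37 0:00 hts -S -F localhost:22 8889
my_user_name 10549 0.0 0.2 1624 616 pts/2 S 15:40 0:00 grep hts'

# hts_pid_for_port PORT: read `ps aux` style lines on stdin and print the PID
# of each process whose command is hts and whose last argument is PORT.
# Matching on the command name skips the "grep hts" line; matching on the
# last field skips the forward target (localhost:22).
hts_pid_for_port() {
    awk -v port="$1" '
        {
            cmd = $11              # assumption: command is the 11th column
            sub(/.*\//, "", cmd)   # drop a leading path, if any
            if (cmd == "hts" && $NF == port) print $2
        }'
}

# restart_hung_hts HUNG_PORT CURRENT_PORT: kill and restart the hts that
# listens on HUNG_PORT, unless that is the tunnel the operator is using.
restart_hung_hts() {
    hung=$1
    current=$2
    if [ "$hung" = "$current" ]; then
        echo "refusing: port $hung is the tunnel in use" >&2
        return 1
    fi
    pid=$(ps aux w | hts_pid_for_port "$hung")
    if [ -z "$pid" ]; then
        echo "no hts found on port $hung" >&2
        return 1
    fi
    # Same options as the example above; adjust to match your own hts line.
    kill $pid && hts -S -F localhost:22 "$hung"
}
```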
Q: Why do I keep getting errors like the ones listed below in my
Application Event Log while using htc on Windows? What does "HTTP
error -503" mean?
9/24/2001 2:10:15 PM htc Error None 0 N/A MYPC_NAME The description for
Event ID ( 0 ) in Source ( htc ) cannot be found. The local computer may not
have the necessary registry information or message DLL files to display
messages from a remote computer. The following information is part of the
event: htc : Win32 Process Id = 0x6BC : Cygwin Process Id = 0x6BC : exit
with status = 1.
9/24/2001 2:10:15 PM htc Error None 0 N/A MYPC_NAME The description for
Event ID ( 0 ) in Source ( htc ) cannot be found. The local computer may not
have the necessary registry information or message DLL files to display
messages from a remote computer. The following information is part of the
event: htc : Win32 Process Id = 0x6BC : Cygwin Process Id = 0x6BC : couldn't
open tunnel: I/O error.
9/24/2001 2:10:15 PM htc Error None 0 N/A MYPC_NAME The description for
Event ID ( 0 ) in Source ( htc ) cannot be found. The local computer may not
have the necessary registry information or message DLL files to display
messages from a remote computer. The following information is part of the
event: htc : Win32 Process Id = 0x6BC : Cygwin Process Id = 0x6BC :
http_error_to_errno: HTTP error -503.
9/24/2001 2:10:15 PM htc Error None 0 N/A MYPC_NAME The description for
Event ID ( 0 ) in Source ( htc ) cannot be found. The local computer may not
have the necessary registry information or message DLL files to display
messages from a remote computer. The following information is part of the
event: htc : Win32 Process Id = 0x6BC : Cygwin Process Id = 0x6BC :
tunnel_in_connect: HTTP error 503.
A: HTTP 503 is the standard HTTP error that means "Service
Unavailable." In this case, it means that the htc client cannot
connect to the server. In the example above, the hts program had
not yet been started on the server side, but the same error might
indicate other types of network or server errors.