[DeleGate-En] Tunneling through HTTP
I am facing the same problem. Could you give me an example of how to do
this (tunneling applications through an HTTP proxy server that checks to make
sure of HTTP content)? Security policy is not violated, however, we need to
keep down the open ports on the proxy. This is a special case and does not
violate policy. The Windows application opens custom TCP ports and cannot
be configured for a proxy server, so I need to figure out how to get this
Application --> DeleGate --> HTTP proxy that checks for HTTP content -->
Internet --> Another DeleGate server --> Destination host
-- Message in "Tunneling Applications through HTTP"
Yes, the firewall checks that the traffic is HTTP. There is no issue about
violating security policy: The use is for a demo application and the setup
will be done by the firewall people. We want to try to minimize changes to
the firewall (such as opening ports) but instead set up the tunnel server
(remember the tunnel requires software on both sides of the Firewall) and
then remove the servers by wiping the demo machines clean.
Would appreciate if you could clarify your comment that DeleGate could be
set up: If you could send me a sample set of command lines to invoke DeleGate
or the control files etc. I would really appreciate it.
Please respond to email@example.com
cc: Amit Joshi/LBI/Liberty
Subject: Re: [DeleGate-En] Tunneling applications using HTTP
On 05/13/99(03:49) you firstname.lastname@example.org wrote
|I am trying to use delegate to setup a tunnel across a firewall that only
|What I want to do is the following:
|client <---generic tcp --->delegate <---http--->delegate<---generic
|where the client <-->server protocol is proprietary (actually structures
|sockets) and the http part (between the two delegated processes) passing
|through one or more firewalls. This is the classic http tunnel problem.
|I tried various combinations but they don't work. If there is no
|requirement of http in the middle then the tcprelay option works.
Do you mean that your firewall checks not only whether the port
number in packets is 80 but also whether the content of a packet
is in the message formats of HTTP protocol?
Even so I think you can configure cascaded DeleGates to tunnel
across such a firewall. But I'm not sure whether or not such kind
of usage of DeleGate does not violate a security policy of a network...