
Make a 'tunnel' through a proxy server Network
From http://www.nocrew.org/software/httptunnel.html:

"httptunnel creates a bidirectional virtual data connection tunnelled in HTTP requests. The HTTP requests can be sent via an HTTP proxy if so desired. This can be useful for users behind restrictive firewalls. If WWW access is allowed through a HTTP proxy, it's possible to use httptunnel and, say, telnet or PPP to connect to a computer outside the firewall."

Translation: As long as your proxy allows access to web pages, and you have access to both a machine inside the firewall as well as a machine outside the firewall capable of running httptunnel, you can run any one TCP/IP service through the firewall -- such as Apple Filing Protocol (iDisk, iTools, AppleTalk/AppleShare via TCP/IP), gnutella, Unreal Tournament server, etc. -- between the two machines.

Read the rest of this article if you'd like a step-by-step how-to on getting httptunnel working on OS X...

Skinlayers

[Editor's note: You'll need the Developer's Tools installed to compile the program.]

So far, httptunnel works on *NIX machines and Windows (both Win32 and WinNT). As an experiment, I was able to download and compile the source code. To do this:
  1. Go to http://www.nocrew.org/software/httptunnel.html
  2. Download the latest stable source (at the time of this writing, it's "httptunnel-3.0.5.tar.gz")
  3. Open a Terminal window
  4. Go to the directory that you downloaded the source to
  5. Untar the source code. Using the above file as an example, it would be:
    tar zxf httptunnel-3.0.5.tar.gz
  6. Go into the folder created. In the above example it would be httptunnel-3.0.5
  7. Type: ./configure [hit Enter]
  8. Type: make [hit Enter] followed by sudo make install [hit Enter]
  9. Enter your admin password at the prompt
This installs the programs hts (httptunnel server) and htc (httptunnel client) in /usr/local/bin/.

To use:
You have to run hts on the machine outside the firewall (e.g. a computer at home connected via DSL or cable modem). Typing:
hts -h
at the Terminal will give you various server options. hts must be told:

a) what port to listen for incoming requests on
b) where to redirect those requests

The port that hts listens for requests on is arbitrary. Any port will work as long as it is not already in use.

htc is run on the machine inside of the firewall. It must be told:

a) what host it's connecting to (i.e. the machine outside the firewall running hts)
b) what port to connect to on the host (the arbitrary port mentioned earlier)
c) (optional, but most useful) what proxy to use

Example:
I want to share files between my OS X box at home and my OS X box at work using AFP (TCP/IP port 548). My proxy server is at 10.0.0.1 and does HTTP proxying on port 8888, the IP address of my computer outside the firewall is 123.456.789.10, and I'll be using 666 as my arbitrary port.

On the OS X box outside the firewall, from the Terminal I would type:
hts -F 127.0.0.1:548 666
This will forward all incoming HTTP requests on port 666 to port 548 on the machine hts is running on (note: 127.0.0.1 always means "this" computer).

On the OS X box inside the firewall, from the Terminal I would type:
htc -F 548 -P 10.0.0.1:8888 123.456.789.10:666
Now, on the machine inside the firewall, I would use the Finder's "Go -> Connect to Server..." menu item. For the server name I would enter 127.0.0.1 (since the machine inside the firewall is acting as the server redirecting to outside the firewall). Presto! You should now be able to move files both ways through the firewall transparently.
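
Seen from the proxy, the tunnel above is one inside client making repeated HTTP requests to a bare IP address on a non-web port (666 in the example). The following is an added example, not part of the original hint, that scans proxy log lines for that pattern. The log format, the addresses and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

WEB_PORTS = {80, 443}
IP_LITERAL = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Constructed sample in an assumed format: "<epoch> <client> <method> <url> <status>"
SAMPLE_LOG = """\
996850000 10.0.0.23 GET http://www.example.com/ 200
996850005 10.0.0.23 POST http://203.0.113.10:666/index.html 200
996850006 10.0.0.23 GET http://203.0.113.10:666/index.html 200
996850035 10.0.0.23 POST http://203.0.113.10:666/index.html 200
996850065 10.0.0.23 POST http://203.0.113.10:666/index.html 200
996850095 10.0.0.23 GET http://203.0.113.10:666/index.html 200
996850125 10.0.0.23 POST http://203.0.113.10:666/index.html 200
996850130 10.0.0.40 GET http://198.51.100.7:8080/status 200
996850140 10.0.0.41 GET http://www.example.org/news 200
"""

def parse_line(line):
    """Return (timestamp, client, host, port) for one log line."""
    ts, client, _method, url, _status = line.split()
    parts = urlsplit(url)
    return int(ts), client, parts.hostname, parts.port or 80

def find_tunnel_candidates(log_text, min_requests=5, min_span=60):
    """Flag client/destination pairs that keep talking to an IP on a non-web port."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, port = parse_line(line)
        # Only raw-IP destinations on ports other than 80/443 are of interest.
        if host and IP_LITERAL.match(host) and port not in WEB_PORTS:
            seen[(client, host, port)].append(ts)
    hits = []
    for (client, host, port), stamps in seen.items():
        span = max(stamps) - min(stamps)
        # A single stray request is ignored; sustained traffic is reported.
        if len(stamps) >= min_requests and span >= min_span:
            hits.append((client, host, port, len(stamps), span))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_tunnel_candidates(SAMPLE_LOG):
        print("client %s -> %s:%d  requests=%d  span=%ds" % hit)
```
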
MUST BE RUN AS ROOT
Authored by: skinlayers on Aug 03, '01 01:59:48PM

I found with some experimentation that both htc and hts must be run as root. There are a couple of ways of doing this:
1) sudo
Using the above example in the instructions:
sudo hts -F 127.0.0.1:548 666
and
sudo htc -F 548 -P 10.0.0.1:8888 123.456.789.10:666
and enter your admin password at the prompts.
This executes this specific command as root.
2) sudo tcsh
This starts another tcsh (the default Terminal shell in OS X) as root. Be careful, anything you do while in this terminal session will be done as root.
3) su
or
su root
You may only use this option if you have previously enabled the root user <see above warning>.

Skinlayers



MUST BE RUN AS ROOT
Authored by: lirapd on Sep 05, '02 12:53:53PM

Has anyone been able to get this to work? Whenever I type htc or even hts the command is unknown. I looked into my /user/local/bin and didn't see anything. Should there be files here? Should httptunnel-3.0.5.tar.gz be in your /user/local/bin when you ./configure it? Please help!



Think twice before doing this
Authored by: macubergeek on Aug 05, '01 08:39:05PM

1. tunnelling like this effectively circumvents the security policy being enforced by the proxy server/firewall
2. this behaviour might be against your company's security policy hence
3. it might get you fired

Traffic between the two machines is probably not encrypted so you are essentially passing usernames and passwords in the clear, they could be intercepted, session could be hijacked...

just think twice before doing this.
You might consider instead using vnc piped over ssh instead. At least you could make a security argument that the traffic is encrypted at least....just a thought.



Other ways to use?
Authored by: kperry8 on Feb 17, '03 11:31:22AM

OK, suppose I have this online game that needs to connect to server 222.333.444.555:4000, but the firewall I'm behind prevents it. Can I somehow use htc and hts to make the game connect through my tunnel, and connect to the game server via the remote computer? Unfortunately, I can't change the address that the game connects to, so it will always try the default address...



I use super network tunnel
Authored by: ander on Nov 10, '09 08:00:02AM

can get it from http://download.cnet.com/Super-Network-Tunnel/3000-18510_4-10914449.html
Here is license code:
5AXkpJAxe7si9U8tkOOU9Q88xspw7QrNP1NpBoWnkS*censored*UsGknSe18OZRzLCJZOE/weVGh6Es9WG9RMyFglcofCA65Gnqj97kupXh/KrzDi4syH


