Jim Duda
2004-03-05 02:40:55 UTC
I'm trying to use GNU httptunnel
(http://www.nocrew.org/software/httptunnel.html)
behind apache using the reverseproxy feature. Apache version 2.0.48
I have reverseproxy working, as I have another machine behind apache
using this feature serving up html pages properly. Works great.
I have apache running on my firewall. I only have 1 single common port
between my firewall and my client. I only have port 443 to work with.
I'm using port 443 with basic http. I need apache to serve web pages,
but I also need other non-web services. At first, I just want to get
a telnet client working, but hope to migrate to ssh later. I'm aware
of the security issues this imposes. My firewall is set up to only allow
a client connection on port 443 from the allowable location.
My httpd.conf has the following - among other things (-:
Listen 443
<VirtualHost *>
ServerName <myserver>.com
ProxyPass / http://localhost:8888/
ProxyPassReverse / http://localhost:8888/
</VirtualHost>
I run the httptunnel server on the firewall machine.
hts -F localhost:23
I run the httptunnel client on the client side.
htc -F localhost:8000 <myserver>.com:443
On the client, I issue:
telnet localhost 8000
On the server, I've used ethereal to watch the traffic.
I see the client open a connection with apache on 443.
I see apache open a connection with the hts server on port 8888.
I see the hts server open a connection on port 23.
I see the client send a POST and GET through apache to
the httptunnel server on port 8888.
The telnet port sends stuff to the httptunnel server port.
The httptunnel server responds to the GET command with
15 bytes using 3 separate TCP packets back to the apache server.
0 (0000 02 .) putline
0 (0000 00 0c ..) putline
0 (0000 ff fd 18 ff fd 20 ff fd 23 ff fd 27 ..... ..#..') putline
I believe these 15 bytes are the beginning of the telnet negotiation.
I never see the 15 bytes come out of the apache server
on the other side of the firewall towards the client. The client
side is stopped waiting for a response.
I've turned on apache debugging and then used the printf debugging approach
and found I'm stuck inside proxy_http.
I get the debug message
"proxy: start body send" in logs/error_log
I'm stuck in proxy_http.c, line 928
    while (ap_get_brigade(rp->input_filters,
                          bb,
                          AP_MODE_READBYTES,
                          APR_BLOCK_READ,
                          conf->io_buffer_size) == APR_SUCCESS)
    {
The ap_get_brigade function never returns, and I'm stuck here.
I get through this loop three times, before the httptunnel stops
sending data, then I'm stuck. The client needs to receive these
bytes and transmit to the server again before the server will send
any more data.
Is what I'm attempting completely wacked?
Can anyone offer any pointers on what to look for next?
I will continue to debug further.
Thanks,
Jim
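
Added example, not part of the original post: a decoder for the 15 bytes in the dump above, showing that they are one length-prefixed frame carrying four telnet IAC DO requests. The framing (type byte 0x02, then a two-byte big-endian length) is an assumption read off the dump, and the function names are hypothetical.

```python
import struct

# Constructed from the three hts writes shown in the post: 02 | 00 0c | 12 bytes.
CAPTURED = bytes.fromhex("02" "000c" "fffd18fffd20fffd23fffd27")
TUNNEL_DATA = 0x02  # assumption: type 0x02 is followed by a 2-byte length
IAC = 0xFF          # telnet "Interpret As Command" byte
COMMANDS = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}
OPTIONS = {0x18: "TERMINAL-TYPE", 0x20: "TERMINAL-SPEED",
           0x23: "X-DISPLAY-LOCATION", 0x27: "NEW-ENVIRON"}


def split_frames(buf):
    """Yield the payload of each length-prefixed data frame in buf."""
    pos = 0
    while pos < len(buf):
        if buf[pos] != TUNNEL_DATA:
            raise ValueError(f"unhandled frame type 0x{buf[pos]:02x} at {pos}")
        if pos + 3 > len(buf):
            raise ValueError("truncated frame header")
        (length,) = struct.unpack_from(">H", buf, pos + 1)
        payload = buf[pos + 3:pos + 3 + length]
        if len(payload) != length:
            raise ValueError(f"frame wants {length} bytes, got {len(payload)}")
        yield payload
        pos += 3 + length


def telnet_negotiation(payload):
    """Return (command, option) pairs for IAC WILL/WONT/DO/DONT sequences."""
    out, i = [], 0
    while i < len(payload):
        if payload[i] != IAC:
            i += 1                      # ordinary data byte
        elif payload[i + 1:i + 2] == bytes([IAC]):
            i += 2                      # IAC IAC is an escaped 0xff data byte
        elif i + 2 < len(payload) and payload[i + 1] in COMMANDS:
            opt = payload[i + 2]
            out.append((COMMANDS[payload[i + 1]], OPTIONS.get(opt, f"option-{opt}")))
            i += 3
        else:
            i += 1                      # other or truncated IAC sequence
    return out


def decode(buf):
    """Return (payload length, negotiation list) for every frame in buf."""
    return [(len(p), telnet_negotiation(p)) for p in split_frames(buf)]


if __name__ == "__main__":
    print(decode(CAPTURED))
```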