Author Http-tunneling
Dom
Member

Registered: 13th Sep 03
17th Sep 07 at 14:38

Anyone got any pointers in how this can be achieved?
Want a direct connection to my server at home from work (to run VNC etc), but work has numerous filters and have locked down the outgoing connections to a few ports (the usual bunch, http/https/ftp/pop/smtp) - so need a way to tunnel (possible to encrypt?) to my server via port 80 (http), if it's do-able?

Oh and both systems run XP, though a mac client would be useful.

cheers for any help on this
Steve
Premium Member

Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
17th Sep 07 at 14:43

does it have to be port 80? you can alter the port settings in VNC iirc, but you will just hit your work's external IP, I assume your server is running on a private IP address, in which case you'd need to get port forwarding set up at your work

[Edited on 17-09-2007 by Steve]
Aaron
Member

Registered: 9th Aug 04
Location: Cottingham, East Riding
17th Sep 07 at 14:54

is port 3389 (outgoing) disabled at work?

[Edited on 17-09-2007 by Aj.]
Dom
Member

Registered: 13th Sep 03
17th Sep 07 at 16:04

setting up VNC isn't the problem though, the problem is getting around work's and the council's firewalls, hence the reason for a HTTP tunnel (using port 80) rather than a direct connection between a VNC server and client.

As for what ports are blocked I'm not 100% sure, internally it's fine though but it's locked down tighter than a duck's backside with regards to the WAN/internet side of things.

been reading into HTTP tunneling and it just goes over my head, hence why I asked on here as I know there's a few network/IT engineers etc.

cheers for the help so far though guys,
Dom
Steve
Premium Member

Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
17th Sep 07 at 16:18

you will need to set up incoming port forwarding at your works end for it to work
Paul_J
Member

Registered: 6th Jun 02
Location: London
17th Sep 07 at 16:29

I used a tunnelling service once ... u had to pay some money - but u basically connected to their server, then all traffic went via that, to wherever / whatever you were connecting to... Got round most firewall / blocking stuff.
willay
Moderator
Organiser: South East, National Events
Premium Member


Registered: 10th Nov 02
Location: Roydon, Essex
17th Sep 07 at 16:30

setup port 80 on your router to forward to port 5900 on your PC.

If their firewalls only check that the destination port is port 80 it should be fine, however if it goes through something more in-depth (a layer7 firewall or a WebProxy) it may not let it through due to content filtering.
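The difference between a port-only filter and a layer-7 check, as an added example that is not part of the original thread: a minimal Python classifier a network defender could run over the first payload bytes seen on a port-80 flow to tell real HTTP from VNC (RFB), SSH or TLS using the same port. The sample payloads are constructed for illustration.

```python
import re

# HTTP/1.x request line or status line
_HTTP_REQ = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n")
_HTTP_RESP = re.compile(rb"^HTTP/1\.[01] \d{3} ")
# RFB (VNC) ProtocolVersion banner, always 12 bytes: "RFB xxx.yyy\n"
_RFB = re.compile(rb"^RFB \d{3}\.\d{3}\n")
# SSH identification string: "SSH-protoversion-softwareversion"
_SSH = re.compile(rb"^SSH-\d\.\d+-")


def classify_first_bytes(payload: bytes) -> str:
    """Name the protocol that the first bytes of a TCP stream belong to."""
    if _HTTP_REQ.match(payload) or _HTTP_RESP.match(payload):
        return "http"
    if _RFB.match(payload):
        return "rfb"
    if _SSH.match(payload):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # then handshake type 0x01 (ClientHello) at offset 5.
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    return "unknown"


def port80_verdict(first_payload: bytes) -> tuple:
    """A port-only filter allows all of these; a layer-7 check flags non-HTTP."""
    proto = classify_first_bytes(first_payload)
    return ("allow" if proto == "http" else "flag", proto)


# Constructed sample payloads (not captured traffic)
SAMPLES = {
    "browser": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "vnc-on-80": b"RFB 003.008\n",
    "ssh-on-80": b"SSH-2.0-ExampleServer\r\n",
    "tls-on-80": bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B]),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, port80_verdict(data))
```

A first-bytes check only catches protocols sent raw over port 80; traffic wrapped in well-formed HTTP requests needs the content and destination inspection a filtering proxy performs.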
Dom
Member

Registered: 13th Sep 03
17th Sep 07 at 18:00

Cheers guys,

Willay - We have a lease line (via NTL) that connects our network to the council's but we are forced to use a proxy server (based at the council) for internet access. It's filtered (not 100% sure what/how, but certainly typical url/swear filtering) internally as well as at the council's end and I believe ports are blocked at both ends (certainly at the council's end).

Have already tried setting up a proxy on my server at home, but it didn't want to know and my logs showed nothing (apart from yanks trying to access it).

If I forward port 80 to 5900, will I still be able to browse the net when at home?
Will give it a go either way

Steve - it's port blocked, if not at our end certainly at the council's end so port forwarding isn't a suitable solution at work. Hence why I'm asking about HTTP tunneling - > More Here <

Paul - I'm too cheap to pay for it, plus it might not even work

[Edited on 17-09-2007 by Dom]
Steve
Premium Member

Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
17th Sep 07 at 18:21

there used to be a program for that we used at work, we used it to get on msn through port 80 i forget the name of it now, but i doubt it would work for incoming connections, either way as soon as you hit your work external IP something needs to direct the traffic to your server
Dom
Member

Registered: 13th Sep 03
17th Sep 07 at 18:39

you thinking of that SocksCap (think it was called that), uses a socks proxy/connection to redirect traffic etc?

What i gather from reading about HTTP tunneling is that it wraps a connection within the HTTP protocol (connection gets encrypted), allowing you to bypass firewalls (as they just see typical HTTP packets).
Means you can connect to your computer/server at home and use MSN and browse the net without filtering etc

It's just a pain in the backside that I can't view audio forums that are useful to my job and I can't get them unblocked (too much effort, apparently, as the urls aren't blocked at our end)
Steve
Premium Member

Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
17th Sep 07 at 18:42

yeah that's outgoing to the net, incoming would be a different kettle of fish
Tim
Site Administrator

Registered: 21st Apr 00
17th Sep 07 at 19:26

Google for sslexplorer
Dom
Member

Registered: 13th Sep 03
17th Sep 07 at 20:01

quote:
Originally posted by Steve
yeah thats outgoing to the net, incoming would be a different kettle of fish


I'm guessing the incoming packet is routed back to your system as if it was typical http data, and then gets "unwrapped" - you run a client and a server, but from the stuff I've got my hands on you have to manually add each port/protocol, and that's a little bit above my head

tim - will give it a go

[Edited on 17-09-2007 by Dom]
Steve
Premium Member

Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
17th Sep 07 at 20:20

how does it know it's got to go back to your system? what tells it which IP address to hit?
Tim
Site Administrator

Registered: 21st Apr 00
17th Sep 07 at 20:33

The same way the http data gets there -- because the proxy or firewall tracks connections.

It's only unwrapped once it hits the application running on your computer (stunnel etc), or the server running outside the firewall...
Steve
Premium Member

Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
17th Sep 07 at 21:54

yeah but say your server is running a private IP of say 10.0.0.1 for argument's sake, you send some vnc traffic over port 80 from home, this hits the router/firewall at work, then how does it know to pass the connection to IP 10.0.0.1 without setting up port forwarding?

for the same reason if you setup 10.0.0.1 as a web server and tried to connect to it outside the workplace, it wouldn't work until you setup the router to forward http incoming requests there

[Edited on 17-09-2007 by Steve]
Tim
Site Administrator

Registered: 21st Apr 00
18th Sep 07 at 13:38

Yes, SSLExplorer would still need a port-forward on the destination. The difference is rather than port-forwarding directly to VNC, you forward to the SSLExplorer agent (or stunnel instance) and use it for multiple (and SSL encrypted) protocols...

 