[plug] Slightly OT? cascading proxies

Denis Brown dsbrown at cyllene.uwa.edu.au
Thu Oct 5 10:38:32 WST 2000


Dear Plug members,

Many thanks for the replies.  It seems as though it was a bit more on-topic 
than I'd thought.  To summarise so far:

The use of IPMasq, whereby I set up a VPN to a box on my local (friendly) 
subnet would seem possible.  I'm still wading through the 
documentation.  Thanks David, Brian and skribe.

The use of Squid, setting up parent-child relationships, was also worthy of 
a fair bit of reading.  However, as Steve pointed out, setting up a 
successful implementation pretty much depends on being able to administer 
the (in this case unfriendly subnet) parent proxy.  The punching of extra 
holes through the existing firewall is pretty low on the list of 
probabilities, about the same as my getting permission to administer the 
proxy :-(

Matt's suggestion of httptunnel intuitively is the most promising so 
far.  In my situation the use of a browser to gain access to the data on 
the "friendly" subnet is mandatory.  I've already tried using a telnet 
session to a friendly-subnet box and then using lynx on that box to access 
the resources.  Unfortunately the complexity of the websites, their use of 
frames, their lack of ALT text, etc makes life very hard for both lynx and 
the user.  At least a frame-capable browser is required, preferably 
Java-capable as well.

What I'm hoping that httptunnel can help me do, either directly or 
indirectly, is to masquerade as a friendly-subnet machine.  Bill's 
suggestion of Zebedee is interesting and appears to implement a secure VPN, 
as he says, over a wide range of ports.  More reading, MUCH more reading to 
be done!

Another thought which has been triggered by all the above is this: can I 
implement a CGI/Perl/PHP/whatever script to run on an Apache server to 
effectively do IPMasq'ing?  In other words, client on remote (unfriendly) 
subnet points browser to the Apache box.  Apache box (my Linux box) serves 
him a page requesting the url of interest on the local (friendly) 
subnet.  Apache box sends the request to the server for the required 
resource, apparently from a "friendly" user -- in other words, a form of 
masquerading.  Replies to the Apache box then get sent back to the original 
requestor.  Possible, or have I been drinking too much coffee / having too 
many late nights??

Thanks for the suggestions,
Denis



