<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div><br></div><div><br></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><blockquote style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><b>From: </b>"Atlanta Geek" <atlantageek@gmail.com><br><b>To: </b>ale@ale.org<br><b>Sent: </b>Thursday, August 25, 2016 4:45:15 PM<br><b>Subject: </b>[ale] Proxy Raw sockets with apache<br></blockquote></div><div data-marker="__QUOTED_TEXT__"><blockquote style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0 0 0 .8ex; border-left: 1px #ccc solid; padding-left: 1ex;" data-mce-style="margin: 0 0 0 .8ex; border-left: 1px #ccc solid; padding-left: 1ex;">All,</blockquote><div>Im attempting to support a customer who is trying to port forward to a non http service from his firewall.</div><div>He wants to use apache to do this.</div><br><div>Im 98% sure he cannot do this and that he needs to use something like a Socks proxy or iptable. </div><div>However I just want to confirm this with some Linux Elite.</div><br><div>So please confirm that apache only proxies http(s) traffic and not a raw socket proxy. </div></div></div></blockquote><div><br></div><div>I've been wanting to do this. I wanted a way to do a GET /XXXXX and then Apache does what inetd would do. Fork, exec the service assigned to that URL, and walk away. Problem is that your application has to do the GET /XXX part or you could simply write a proxy on that system to listen to localhost:port and pass it. Solutions exist for this using websockets, etc. The key is you must control the apache end.</div><div><br data-mce-bogus="1"></div><div>-- [ cut here ] -------------</div><div>httptunnel creates a bidirectional virtual data path tunnelled in HTTP<br>requests. The requests can be sent via an HTTP proxy if so desired.<br><br>This can be useful for users behind restrictive firewalls. If WWW<br>access is allowed through an HTTP proxy, it's possible to use<br>httptunnel and, say, telnet or PPP to connect to a computer outside<br>the firewall.<br><br>If you still don't understand what this is all about, maybe you<br>can find some useful information in the FAQ file.<br><br>This program is mostly intended for technically oriented users.<br>They should know what to do.<br><br>httptunnel is free software. See COPYING for terms and conditions.<br>If you like it, I would appreciate if you sent a post card to:<br> Lars Brinkhoff<br> Kopmansgatan 2<br> 411 13 Goteborg<br> Sweden<br><br>Information and/or latest release should be available from these places:<br> http://www.nocrew.org/software/httptunnel.html<br>-------</div><div>----- [ cut here ] -------------</div><div><br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>If you have an extra public IP address you can alias it on the same apache server, use iptables redirect.</div><div><br data-mce-bogus="1"></div><div>/sbin/iptables -t nat -A PREROUTING -p tcp -s XXXXXXX/32 --dport 80 -j REDIRECT --to-ports 5000<br></div><div><br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>You may not be out of the woods. If the firewall does packet inspection it will block you. You can see this via strace on the server. Attach to the process and you'll see the accept() and the write(). Sendmail sends its header, first line, whatever you call it. The firewall will decide the fate of the client based on what ti sees. On the server you'll see 'connection reset by peer' if the firewall decided in favor of security over your client. LoL</div><div><br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div></div></div></body></html>