summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--connect.html840
1 files changed, 840 insertions, 0 deletions
diff --git a/connect.html b/connect.html
new file mode 100644
index 0000000..0a58f1c
--- /dev/null
+++ b/connect.html
@@ -0,0 +1,840 @@
+<?xml version="1.0" encoding="us-ascii"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <title>SSH Proxy Command -- connect.c</title>
+ <meta name="generator" content="emacs-wiki.el" />
+ <meta http-equiv="Content-Type"
+ content="us-ascii" />
+ <link rev="made" href="mailto:gotoh@imasy.or.jp" />
+ <link rel="home" href="http://www.imasy.ne.jp/~gotoh/" />
+ <link rel="index" href="http://www.imasy.ne.jp/~gotoh/SiteIndex.html" />
+ <link rel="stylesheet" type="text/css" href="emacs-wiki.css">
+ </head>
+ <body>
+ <h1>SSH Proxy Command -- connect.c</h1>
+ <!-- Page published by Emacs Wiki begins here -->
+<p>
+<strong>connect.c</strong> is the simple relaying command to make network
+connection via SOCKS and https proxy. It is mainly intended to
+be used as <strong>proxy command</strong> of OpenSSH. You can make SSH session
+beyond the firewall with this command,
+
+</p>
+
+<p>
+Features of <strong>connect.c</strong> are:
+
+</p>
+
+<ul>
+<li>Supports SOCKS (version 4/4a/5) and https CONNECT method.
+</li>
+<li>Supports NO-AUTH and USERPASS authentication of SOCKS
+</li>
+<li>You can input password from tty, ssh-askpass or
+ environment variable.
+</li>
+<li>Run on UNIX or Windows platform.
+</li>
+<li>You can compile with various C compiler (cc, gcc, Visual C, Borland C. etc.)
+</li>
+<li>Simple and general program independent from OpenSSH.
+</li>
+<li>You can also relay local socket stream instead of standard I/O.
+</li>
+</ul>
+
+<p>
+Download source code from:
+<a href="http://www.imasy.or.jp/~gotoh/ssh/connect.c">http://www.imasy.or.jp/~gotoh/ssh/connect.c</a>
+<br/>
+For windows user, pre-compiled binary is also available:
+<a href="http://www.imasy.or.jp/~gotoh/ssh/connect.exe">http://www.imasy.or.jp/~gotoh/ssh/connect.exe</a> (compiled with MSVC)
+
+</p>
+
+<hr>
+<dl class="contents">
+<dt class="contents">
+<a href="connect.html#sec1">News</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec2">What is 'proxy command'</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec3">How to Use</a>
+</dt>
+<dd>
+<dl class="contents">
+<dt class="contents">
+<a href="connect.html#sec4">Get Source</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec5">Compile and Install</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec6">Modify your ~/.ssh/config</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec7">Use SSH</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec8">Have trouble?</a>
+</dt>
+</dl>
+</dd>
+<dt class="contents">
+<a href="connect.html#sec9">More Detail</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec10">Limitations</a>
+</dt>
+<dd>
+<dl class="contents">
+<dt class="contents">
+<a href="connect.html#sec11">SOCKS5 authentication</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec12">HTTP authentication</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec13">Switching proxy server</a>
+</dt>
+</dl>
+</dd>
+<dt class="contents">
+<a href="connect.html#sec14">Tips</a>
+</dt>
+<dd>
+<dl class="contents">
+<dt class="contents">
+<a href="connect.html#sec15">Proxying socket connection</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec16">Use with <code>ssh-askpass</code> command</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec17">Use for Network Stream of Emacs</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec18">Remote resolver</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec19">Hopping Connection via SSH</a>
+</dt>
+</dl>
+</dd>
+<dt class="contents">
+<a href="connect.html#sec20">F.Y.I.</a>
+</dt>
+<dd>
+<dl class="contents">
+<dt class="contents">
+<a href="connect.html#sec21">Difference between SOCKS versions.</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec22">Configuration to use HTTPS</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec23">SOCKS5 Servers</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec24">Specifications</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec25">Related Links</a>
+</dt>
+<dt class="contents">
+<a href="connect.html#sec26">Similars</a>
+</dt>
+</dl>
+</dd>
+</dl>
+
+<h2><a name="sec1">News</a></h2>
+
+<dl>
+<dt>2003-01-07</dt>
+<dd>
+Rev. 1.68. Fixed a trouble around timeout support.
+</dd>
+<dt>2002-11-21</dt>
+<dd>
+Rev. 1.64 supports reading parameters from file /etc/connectrc or
+ ~/.connectrc instead of specifying via environment variables. For
+ examle, you can use this feature to switch setting by replacing file
+ when network environment is changed. And added SOCKS_DIRECT,
+ SOCKS5_DIRECT, SOCKS4_DIRECT, HTTP_DIRECT, SOCKS5_AUTH, environment
+ parameters. (Thanks Masatoshi TSUCHIYA)
+</dd>
+<dt>2002-11-20</dt>
+<dd>
+Rev. 1.63 supports some old proxies which make response 401 with
+ WWW-Authenticate: header. And fixed to use username specified in
+ proxy host by -H option correctly. (contributed from Des Herriott, thanks)
+</dd>
+<dt>2002-10-14</dt>
+<dd>
+Rev. 1.61 with New option -w for specifying connection timeout.
+ Currently, it works on UNIX only. (contributed from Darren Tucker, thanks)
+</dd>
+<dt>2002-09-29</dt>
+<dd>
+Add sample script for switching proxy server
+ advised from Darren Tucker, thanks.
+</dd>
+<dt>2002-08-27</dt>
+<dd>
+connect.c is updataed to rev. 1.60.
+</dd>
+<dt>2002-04-08</dt>
+<dd>
+Updated <a href="http://www.imasy.or.jp/~gotoh/ssh/openssh-socks.html">"Using OpenSSH through a SOCKS compatible PROXY on your LAN"</a> written by J. Grant. (version 0.8)
+</dd>
+<dt>2002-02-20</dt>
+<dd>
+Add link of new document "Using OpenSSH through a SOCKS compatible PROXY on your LAN"
+ written by J. Grant.
+</dd>
+<dt>2002-01-31</dt>
+<dd>
+Rev. 1.53 -- On Win32 and with MSVC, handle password
+ input from console correctly.
+</dd>
+<dt>2002-01-30</dt>
+<dd>
+Rev. 1.50 -- [Security Fix] Do not print secure info in debug mode.
+</dd>
+<dt>2002-01-09</dt>
+<dd>
+Web page was made.
+ connect.c is rev. 1.48.
+</dd>
+</dl>
+
+<h2><a name="sec2">What</a> is 'proxy command'</h2>
+
+<p>
+OpenSSH development team decides to stop supporting SOCKS and any
+other tunneling mechanism. It was aimed to separate complexity to
+support various mechanism of proxying from core code. And they
+recommends more flexible mechanism: '<strong>ProxyCommand</strong>' option
+instead.
+
+</p>
+
+<p>
+Proxy command mechanism is delegation of network stream
+communication. If '<strong>ProxyCommand</strong>' options is specified, SSH
+invoke specified external command and talk with standard I/O of thid
+command. Invoked command undertakes network communication with
+relaying to/from standard input/output including iniitial
+communication or negotiation for proxying. Thus, ssh can split out
+proxying code into external command.
+
+</p>
+
+<p>
+'<strong>connect.c</strong>' was made for this purpose.
+
+</p>
+
+<h2><a name="sec3">How</a> to Use</h2>
+
+<h3><a name="sec4">Get</a> Source</h3>
+
+<p>
+Download source code from <a href="http://www.imasy.or.jp/~gotoh/ssh/connect.c">here</a>.
+<br/>
+If you are MS Windows user, you can get pre-compiled binary from
+<a href="http://www.imasy.or.jp/~gotoh/ssh/connect.exe">here</a>.
+
+</p>
+
+<h3><a name="sec5">Compile</a> and Install</h3>
+
+<p>
+In most environment, you can compile '<strong>connect.c</strong>' simply.
+On UNIX environment, you can use cc or gcc.
+On Windows environment, you can use Microsoft Visual C, Borland C or Cygwin gcc.
+
+</p>
+
+<table border="2" cellpadding="5">
+<thead>
+<tr>
+<th>Compiler</th><th>command line to compile</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>UNIX cc</td><td>cc connect.c -o connect</td>
+</tr>
+<tr>
+<td>UNIX gcc</td><td>gcc connect.c -o connect</td>
+</tr>
+<tr>
+<td>Solaris</td><td>gcc connect.c -o connect -lnsl -lsocket -lresolv</td>
+</tr>
+<tr>
+<td>Microsoft Visual C/C++</td><td>cl connect.c wsock32.lib advapi32.lib</td>
+</tr>
+<tr>
+<td>Borland C</td><td>bcc32 connect.c wsock32.lib advapi32.lib</td>
+</tr>
+<tr>
+<td>Cygwin gcc</td><td>gcc connect.c -o connect</td>
+</tr>
+</tbody>
+</table>
+
+<p>
+To install '<strong>connect</strong>' command, simply copy compiled binary to directory
+in your PATH (ex. /usr/local/bin). Like this:
+
+</p>
+
+<pre class="example">
+$ cp connect /usr/local/bin
+</pre>
+
+<h3><a name="sec6">Modify</a> your ~/.ssh/config</h3>
+
+<p>
+Modify your <code>~/.ssh/config</code> file to use '<strong>connect</strong>' command as
+'<strong>proxy command</strong>'. For the case of SOCKS server is running on
+firewall host '<code>socks.local.net</code>' with port 1080, you can add
+'<strong>ProxyCommand</strong>' option in <code>~/.ssh/config</code>, like this:
+
+</p>
+
+<pre class="example">
+Host remote.outside.net
+ ProxyCommand connect -S socks.local.net %h %p
+</pre>
+
+<p>
+'<code>%h</code>' and '<code>%p</code>' will be replaced on invoking proxy command with
+target hostname and port specified to SSH command.
+
+</p>
+
+<p>
+If you hate writing many entries of remote hosts, following example
+may help you.
+
+</p>
+
+<pre class="example">
+## Outside of the firewall, use connect command with SOCKS conenction.
+Host *
+ ProxyCommand connect -S socks.local.net %h %p
+
+## Inside of the firewall, use connect command with direct connection.
+Host *.local.net
+ ProxyCommand connect %h %p
+</pre>
+
+<p>
+If you want to use http proxy, use '<strong>-H</strong>' option instead of '<strong>-S</strong>'
+option in examle above, like this:
+
+</p>
+
+<pre class="example">
+## Outside of the firewall, with HTTP proxy
+Host *
+ ProxyCommand connect -H proxy.local.net:8080 %h %p
+
+## Inside of the firewall, direct
+Host *.local.net
+ ProxyCommand connect %h %p
+</pre>
+
+<h3><a name="sec7">Use</a> SSH</h3>
+
+<p>
+After editing your <code>~/.ssh/config</code> file, you are ready to use ssh.
+You can execute ssh without any special options as if remote host is
+IP reachable host. Following is an example to execute '<code>hostname</code>'
+command on host '<code>remote.outside.net</code>'.
+
+</p>
+
+<pre class="example">
+$ ssh remote.outside.net hostname
+remote.outside.net
+$
+</pre>
+
+<h3><a name="sec8">Have</a> trouble?</h3>
+
+<p>
+If you have trouble, execute '<strong>connect</strong>' command from command line
+with '<code>-d</code>' option to see what is happened. Some debug message may
+appear and reports progress. This information may tell you what is
+wrong. In this example, error has occurred on authentication stage of
+SOCKS5 protocol.
+
+</p>
+
+<pre class="example">
+$ connect -d -S socks.local.net unknown.remote.outside.net 110
+DEBUG: relay_method = SOCKS (2)
+DEBUG: relay_host=socks.local.net
+DEBUG: relay_port=1080
+DEBUG: relay_user=gotoh
+DEBUG: socks_version=5
+DEBUG: socks_resolve=REMOTE (2)
+DEBUG: local_type=stdio
+DEBUG: dest_host=unknown.remote.outside.net
+DEBUG: dest_port=110
+DEBUG: Program is $Revision$
+DEBUG: connecting to xxx.xxx.xxx.xxx:1080
+DEBUG: begin_socks_relay()
+DEBUG: atomic_out() [4 bytes]
+DEBUG: >>> 05 02 00 02
+DEBUG: atomic_in() [2 bytes]
+DEBUG: <<< 05 02
+DEBUG: auth method: USERPASS
+DEBUG: atomic_out() [some bytes]
+DEBUG: >>> xx xx xx xx ...
+DEBUG: atomic_in() [2 bytes]
+DEBUG: <<< 01 01
+ERROR: Authentication faield.
+FATAL: failed to begin relaying via SOCKS.
+</pre>
+
+<h2><a name="sec9">More</a> Detail</h2>
+
+<p>
+Command line usage is here:
+
+</p>
+
+<pre class="example">
+usage: connect [-dnhs45] [-R resolve] [-p local-port] [-w sec]
+ [-H [user@]proxy-server[:port]]
+ [-S [user@]socks-server[:port]]
+ host port
+</pre>
+
+<p>
+'<strong>host</strong>' and '<strong>port</strong>' is target hostname and port-number to connect.
+
+</p>
+
+<p>
+'<strong>-H</strong>' option specify hostname and port number of http proxy server to
+relay. If port is omitted, 80 is used. You can specify this value by
+environment variable <code>HTTP_PROXY</code> and give '<strong>-h</strong>' option to use it.
+
+</p>
+
+<p>
+'<strong>-S</strong>' option specify hostname and port number of SOCKS server to
+relay. Like '<strong>-H</strong>' option, port number can be omit and default is 1080.
+You can also specify this value pair by environment variable
+<code>SOCKS5_SERVER</code> and give '<strong>-s</strong>' option to use it.
+
+</p>
+
+<p>
+'<strong>-4</strong>' and '<strong>-5</strong>' is for specifying SOCKS protocol version. It is
+valid only using with '<strong>-s</strong>' or '<strong>-S</strong>'. Default is '<strong>-5</strong>'
+(protocol version 5)
+
+</p>
+
+<p>
+'<strong>-R</strong>' is for specifying method to resolve hostname. 3 keywords
+('<code>local</code>', '<code>remote</code>', '<code>both</code>') or dot-notation IP address is
+allowed. Keyword '<code>both</code>' means; "Try local first, then
+remote". If dot-notation IP address is specified, use this host as
+nameserver (UNIX only). Default is '<code>remote</code>' for SOCKS5 or '<code>local</code>'
+for others. On SOCKS4 protocol, remote resolving method ('<code>remote</code>'
+and '<code>both</code>') use protocol version 4a.
+
+</p>
+
+<p>
+The '<strong>-p</strong>' option will forward a local TCP port instead of using the
+standard input and output.
+
+</p>
+
+<p>
+The '<strong>-w</strong>' option specifys timeout seconds for making connection with
+TARGET host.
+
+</p>
+
+<p>
+The '<strong>-a</strong>' option specifiys user intended authentication methods
+separated by comma. Currently '<code>userpass</code>' and '<code>none</code>' are
+supported. Default is '<code>userpass</code>'. You can also specifying this
+parameter by the environment variable <code>SOCKS5_AUTH</code>.
+
+</p>
+
+<p>
+The '<strong>-d</strong>' option is used for debug. If you fail to connect, use this
+and check request to and response from server.
+
+</p>
+
+<p>
+You can omit '<strong>port</strong>' argument when program name is special format
+containing port number itself. For example,
+
+</p>
+
+<pre class="example">
+$ ln -s connect connect-25
+$ ./connect-25 smtphost.outside.net
+220 smtphost.outside.net ESMTP Sendmail
+QUIT
+221 2.0.0 smtphost.remote.net closing connection
+$
+</pre>
+
+<p>
+This example means that the command name "<code>connect-25</code>" contains port number
+25 so you can omit 2nd argument (and used if specified explicitly).
+
+</p>
+
+<h2><a name="sec10">Limitations</a></h2>
+
+<h3><a name="sec11">SOCKS5</a> authentication</h3>
+
+<p>
+Only NO-AUTH and USER/PASSWORD authentications are supported.
+GSSAPI authentication (RFC 1961) and other draft authentications (CHAP,
+EAP, MAF, etc.) is not supported.
+
+</p>
+
+<h3><a name="sec12">HTTP</a> authentication</h3>
+
+<p>
+BASIC authentication is supported but DIGEST authentication is not.
+
+</p>
+
+<h3><a name="sec13">Switching</a> proxy server</h3>
+
+<p>
+There is no mechanism to switch proxy server regarding to PC environment.
+This limitation might be bad news for mobile user.
+Since I do not want to make this program complex, I do not want to
+support although this feature is already requested. Please advice me
+if there is good idea of detecting environment to swich and simple way
+to specify conditioned directive of servers.
+
+</p>
+
+<p>
+One tricky workaround exists. It is replacing ~/.ssh/config file
+by script on ppp up/down.
+
+</p>
+
+<p>
+There's another example of wrapper script (contributed by Darren Tucker).
+This script costs executing ifconfig and grep to detect
+current environment, but it works. (NOTE: you should modify addresses
+if you use it.)
+
+</p>
+
+<pre class="example">
+#!/bin/sh
+## ~/bin/myconnect --- Proxy server switching wrapper
+
+if ifconfig eth0 |grep "inet addr:192\.168\.1" >/dev/null; then
+ opts="-S 192.168.1.1:1080"
+elif ifconfig eth0 |grep "inet addr:10\." >/dev/null; then
+ opts="-H 10.1.1.1:80"
+else
+ opts="-s"
+fi
+exec /usr/local/bin/connect $opts $@
+</pre>
+
+<h2><a name="sec14">Tips</a></h2>
+
+<h3><a name="sec15">Proxying</a> socket connection</h3>
+
+<p>
+In usual, '<strong>connect.c</strong>' relays network connection to/from standard
+input/output. By specifying '<strong>-p</strong>' option, however, '<strong>connect.c</strong>'
+relays local network stream instead of standard input/output.
+With this option, '<strong>connect</strong>' command waits connection
+from other program, then start relaying between both network stream.
+
+</p>
+
+<p>
+This feature may be useful for the program which is hard to SOCKSify.
+
+</p>
+
+<h3><a name="sec16">Use</a> with <code>ssh-askpass</code> command</h3>
+
+<p>
+'<strong>connect.c</strong>' ask you password when authentication is required. If
+you are using on tty/pty terminal, connect can input from terminal
+with prompt. But you can also use '<code>ssh-askpass</code>' program to input
+password. If you are graphical environment like X Window or MS
+Windows, and program does not have tty/pty, and environment variable
+SSH_ASKPASS is specified, then '<strong>connect.c</strong>' invoke command
+specified by environment variable '<code>SSH_ASKPASS</code>' to input password.
+<code>ssh-askpass</code> program might be installed if you are using OpenSSH on
+UNIX environment. On Windows environment, pre-compiled binary is
+available from
+<a href="http://www.imasy.or.jp/~gotoh/ssh/ssh-askpass.exe">here</a>.
+
+</p>
+
+<p>
+This feature is limited on window system environment.
+
+</p>
+
+<p>
+And also useful on Emacs on MS Windows (NT Emacs or Meadow). It is
+hard to send passphrase to '<strong>connect</strong>' command (and also ssh)
+because external command is invoked on hidden terminal and do I/O with
+this terminal. Using ssh-askpass avoids this problem.
+
+</p>
+
+<h3><a name="sec17">Use</a> for Network Stream of Emacs</h3>
+
+<p>
+Although '<strong>connect.c</strong>' is made for OpenSSH, it is generic and
+independent from OpenSSH. So we can use this for other purpose. For
+example, you can use this command in Emacs to open network connection
+with remote host over the firewall via SOCKS or HTTP proxy without
+SOCKSifying Emacs itself.
+
+</p>
+
+<p>
+There is sample code:
+<a href="http://www.imasy.or.jp/~gotoh/lisp/relay.el">http://www.imasy.or.jp/~gotoh/lisp/relay.el</a>
+
+</p>
+
+<p>
+With this code, you can use <code>relay-open-network-stream</code> function
+instead of <code>open-network-stream</code> to make network connection. See top
+comments of source for more detail.
+
+</p>
+
+<h3><a name="sec18">Remote</a> resolver</h3>
+
+<p>
+If you are SOCKS4 user on UNIX environment, you might want specify
+nameserver to resolve remote hostname. You can do it specifying
+'<strong>-R</strong>' option followed by IP address of resolver.
+
+</p>
+
+<h3><a name="sec19">Hopping</a> Connection via SSH</h3>
+
+<p>
+Conbination of ssh and '<strong>connect</strong>' command have more interesting usage.
+Following command makes indirect connection to host2:port from your
+current host via host1.
+
+</p>
+
+<pre class="example">
+ssh host1 connect host2 port
+</pre>
+
+<p>
+This method is useful for the situations like:
+
+</p>
+
+<ul>
+<li>You are outside of organizasion now, but you want to access an
+ internal host barriered by firewall.
+</li>
+<li>You want to use some service which is allowed only from some
+ limited hosts.
+</li>
+</ul>
+
+<p>
+For example, I want to use local NetNews service in my office
+from home. I cannot make NNTP session directly because NNTP host is
+barriered by firewall. Fortunately, I have ssh account on internal
+host and allowed using SOCKS5 on firewall from outside. So I use
+following command to connect to NNTP service.
+
+</p>
+
+<pre class="example">
+$ ssh host1 connect news 119
+200 news.my-office.com InterNetNews NNRP server INN 2.3.2 ready (posting ok).
+quit
+205 .
+$
+</pre>
+
+<p>
+By combinating hopping connection and relay.el, I can read NetNews
+using <a href="http://www.gohome.org/wl/">Wanderlust</a> on Emacs at home.
+
+</p>
+
+<pre class="example">
+ |
+ External (internet) | Internal (office)
+ |
++------+ +----------+ +-------+ +-----------+
+| HOME | | firewall | | host1 | | NNTP host |
++------+ +----------+ +-------+ +-----------+
+ emacs <-------------- ssh ---------------> sshd <-- connect --> nntpd
+ <-- connect --> socksd <-- SOCKS -->
+</pre>
+
+<h2><a name="sec20">F</a>.Y.I.</h2>
+
+<h3><a name="sec21">Difference</a> between SOCKS versions.</h3>
+
+<p>
+SOCKS version 4 is first popular implementation which is documented
+<a href="http://www.socks.nec.com/protocol/socks4.protocol">here</a>. Since
+this protocol provide IP address based requesting, client program
+should resolve name of outer host by itself. Version 4a (documented
+<a href="http://www.socks.nec.com/protocol/socks4a.protocol">here</a>) is
+enhanced to allow request by hostname instead of IP address.
+
+</p>
+
+<p>
+SOCKS version 5 is re-designed protocol stands on experience of
+version 4 and 4a. There is no compativility with previous
+versions. Instead, there's some improvement: IPv6 support, request by
+hostname, UDP proxying, etc.
+
+</p>
+
+<h3><a name="sec22">Configuration</a> to use HTTPS</h3>
+
+<p>
+Many http proxy servers implementation supports https <code>CONNECT</code> method
+(SLL). You might add configuration to allow using https. For the
+example of <a href="http://www.delegate.org/delegate/">DeleGate</a> (
+DeleGate is a multi-purpose application level gateway, or a proxy
+server) , you should add '<code>https</code>' to '<code>REMITTABLE</code>' parameter to
+allow HTTP-Proxy like this:
+
+</p>
+
+<pre class="example">
+delegated -Pxxxx ...... REMITTABLE='+,https' ...
+</pre>
+
+<p>
+For the case of Squid, you should allow target ports via https by ACL,
+and so on.
+
+</p>
+
+<h3><a name="sec23">SOCKS5</a> Servers</h3>
+
+<dl>
+<dt><a href="http://www.socks.nec.com/refsoftware.html">NEC SOCKS Reference Implementation</a></dt>
+<dd>
+Reference implementation of SOKCS server and library.
+</dd>
+<dt><a href="http://www.inet.no/dante/index.html">Dante</a></dt>
+<dd>
+Dante is free implementation of SOKCS server and library.
+ Many enhancements and modulalized.
+</dd>
+<dt><a href="http://www.delegate.org/delegate/">DeleGate</a></dt>
+<dd>
+DeleGate is multi function proxy service provider.
+ DeleGate 5.x.x or earlier can be SOCKS4 server,
+ and 6.x.x can be SOCKS5 and SOCKS4 server.
+ and 7.7.0 or later can be SOCKS5 and SOCKS4a server.
+</dd>
+</dl>
+
+<h3><a name="sec24">Specifications</a></h3>
+
+<dl>
+<dt><a href="http://www.socks.nec.com/protocol/socks4.protocol">socks4.protocol.txt</a></dt>
+<dd>
+SOCKS: A protocol for TCP proxy across firewalls
+</dd>
+<dt><a href="http://www.socks.nec.com/protocol/socks4a.protocol">socks4a.protocol.txt</a></dt>
+<dd>
+SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
+</dd>
+<dt><a href="http://www.socks.nec.com/rfc/rfc1928.txt">RFC 1928</a></dt>
+<dd>
+SOCKS Protocol Version 5
+</dd>
+<dt><a href="http://www.socks.nec.com/rfc/rfc1929.txt">RFC 1929</a></dt>
+<dd>
+Username/Password Authentication for SOCKS V5
+</dd>
+<dt><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a></dt>
+<dd>
+Hypertext Transfer Protocol -- HTTP/1.1
+</dd>
+<dt><a href="http://www.ietf.org/rfc/rfc2617.txt">RFC 2617</a></dt>
+<dd>
+HTTP Authentication: Basic and Digest Access Authentication
+</dd>
+</dl>
+
+<h3><a name="sec25">Related</a> Links</h3>
+
+<ul>
+<li><a href="http://www.openssh.org">OpenSSH Home</a>
+</li>
+<li><a href="http://www.ssh.com/">Proprietary SSH</a>
+</li>
+<li><a href="http://www.imasy.or.jp/~gotoh/ssh/openssh-socks.html">Using OpenSSH through a SOCKS compatible PROXY on your LAN</a> (J. Grant)
+</li>
+</ul>
+
+<h3><a name="sec26">Similars</a></h3>
+
+<ul>
+<li><a href="http://proxytunnel.sourceforge.net/">Proxy Tunnel</a> -- Proxying command using https CONNECT.
+</li>
+<li><a href="http://www.snurgle.org/~griffon/ssh-https-tunnel">stunnel</a> -- Proxy through an https tunnel (Perl script)
+</li>
+</ul>
+<br>
+
+ <!-- Page published by Emacs Wiki ends here -->
+ <div class="navfoot">
+ <hr/>
+ <table width="100%" border="0" summary="Footer navigation">
+ <tbody><tr>
+ <td width="50%" align="left">
+ <span class="footdate">Last Updated: 2003-06-17</span><br/>
+ </td>
+ <td width="50%" align="right">
+ This page is authored by <a href="mailto:gotoh@taiyo.co.jp">Shun-ichi GOTO</a>
+ using <a href="http://repose.cx/emacs/wiki">emacs-wiki.el</a><br/>
+ </td>
+ </tr></tbody>
+ </table>
+ </div>
+ </body>
+</html>
generated by cgit v0.10.2 at 2024-06-07 08:35:53 (GMT)