|<B>-AB>, <B>--proxy-authenticationB> user:password||Proxy authentication information.|
|<B>-CB>, <B>--control-portB> controlport||
The port to which one can connect to issue control commands to
See CONTROL CONNECTIONS for more details about the available commands.
|<B>-LB>, <B>--local-onlyB>||Create the tunnels so that they will only listen on localhost. Thus, only connections originating from the machine that runs <B>connect-tunnelB> will be accepted.|
|<B>-PB>, <B>--proxyB> proxy[:port]||
The proxy is required to connect the tunnels.
If no port is given, 8080 is used by default.
See also ENVIRONMENT VARIABLES.
|<B>-TB>, <B>--tunnelB> port:host:hostport||
Specifies that the given port on the local host is to be forwarded
to the given host and hostport on the remote side. This works by
allocating a socket to listen to port on the local side, and whenever
a connection is made to this port, <B>connect-tunnelB> forwards it to
the proxy (with the credentials, if required), which in turn forwards
it to the final destination.
Note that this does not imply the use of any cryptographic system (SSL or any other). This is a simple TCP redirection. The security if any, is the one provided by the protocol used to connect to the destination through <B>connect-tunnelB>.
On Unix systems, only root can forward privileged ports.
|<B>-UB>, <B>--user-agentB> string||Specify User-Agent value to send in HTTP requests. The default is to send connect-tunnel/version.|
This option can be used several times for more verbose output.
To connect to a SSH server running on ssh.example.com, on port 443, through the proxy proxy.company.com, running on port 8080, use the following command:
connect-tunnel -P proxy.company.com:8080 -T 22:ssh.example.com:443
You can also emulate a standard user-agent:
connect-tunnel -U "Mozilla/4.03 [en] (X11; I; Linux 2.1.89 i586)" -P proxy.company.com:8080 -T 22:ssh.example.com:443
connect-tunnel -U "Mozilla/4.03 [en] (X11; I; Linux 2.1.89 i586)" -P proxy.company.com:8080 -T 22:ssh.example.com:443 -A book:s3kr3t
connect-tunnel -U "Mozilla/4.03 [en] (X11; I; Linux 2.1.89 i586)" -P proxy.company.com:8080 -T 22:ssh.example.com:443 -A book:s3kr3t -L
connect-tunnel -U "Mozilla/4.03 [en] (X11; I; Linux 2.1.89 i586)" -P proxy.company.com:8080 -A book:s3kr3t -L -T 22:ssh.example.com:443 -T 222:ssh2.example.com:443
But naturally, you will need to correctly set up the ports in your clients.
Mmm, such a long command line would perfectly fit in an alias or a .BAT file. ;-)
The environment variable HTTP_PROXY can be used to provide a proxy definition.
Philippe BooK Bruhat, <email@example.com>.
I seem to have re-invented a well-known wheel with that script, but at least, I hope I have added a few interesting options to it.
The first version of the script was a quick hack that let me go through a corporate proxy.
Version 0.04 sits half-finished in a CVS repository at home: I couldnt decypher the spaghetti of my data structures any more. :-(
Even though its not rocket science, <B>connect-tunnelB> has been cited in at least one academic works:
o HTTP Tunnels Through Proxies, Daniel Alman
Available at SANS InfoSec Reading Room: Covert Channels <http://www.sans.org/rr/whitepapers/covert/>
Direct link: <http://www.sans.org/rr/whitepapers/covert/1202.php>
Copyright 2003-2007, Philippe Bruhat. All rights reserved.
This module is free software; you can redistribute it or modify it under the same terms as Perl itself.
|perl v5.20.3||CONNECT-TUNNEL (1)||2014-11-02|