understanding example (proxying over ssh)

[Juli Mallett]

Hi Boxiang,

Well, I suppose it depends how you intend to evaluate/test/deploy
WANProxy.  If you are going to be using it for HTTP traffic, you
should set up a webserver on 'intranet'.  Whatever webserver you would
use should be fine.

If you just want to see it working, start netcat (nc) listening on
port 80 on intranet, piped to dd to /dev/null.  Then start netcat on
the client to connect to WANProxy, with its input coming from dd from
a file, or /dev/zero, or whatever is most appropriate for your test.
When that's done, do the test again, and see if the results are
different.  Choose a big file so that you have time to use tcpdump or
netstat or ntop to watch data going over the wire.

You could also have the WANProxy server connect to a service running
on server.  If all of the systems are on the same LAN, you will not
see any performance improvement, because server getting the content
from intranet should be no different to client getting the content
from intranet.

What do you want to demonstrate or test about WANProxy?  To just test
that it's "working", use netcat, and have the server connect to netcat
running on the server as well.  That way you should be able to
transfer data faster than line rate.

On Tue, Feb 19, 2013 at 9:39 PM, Boxiang Pan <aquarypbx at gmail.com> wrote:
> Hi, Juli,
>
> I've created the server and client conf files, and both the server side and
> the client side wanproxy seem to be running. You mentioned that I can send
> some random files over http to the client and wanproxy will forward it to
> the "intranet:80".  I am not sure how should I do this, plus, should there
> be some process (eg: apache webserver) running on the intranet and listening
> on port 80 before I can send some random file to it? Could you please be
> more specific about how I may test to see if wanproxy is working correctly?
>
> Thank you.
>
>
> On Tue, Feb 19, 2013 at 11:53 AM, Juli Mallett <juli at clockworksquid.com>
> wrote:
>>
>> Boxiang,
>>
>> That looks exactly right to me.  Is it working for you in practice?
>>
>> Thanks,
>> Juli.
>>
>> On Tue, Feb 19, 2013 at 11:50 AM, Boxiang Pan <aquarypbx at gmail.com> wrote:
>> > Hi, Juli,
>> >
>> > We will remove the ssh forwarding part then.  Here's a digram with our
>> > conf
>> > files that I drew to show what I meant in the previous email. So all
>> > traffic
>> > that goest to "127.0.0.1:3300" on the client machine (192.168.0.100)
>> > will be
>> > forward to the server (192.168.0.101:3301) , and then the server will
>> > forward the traffic to the intranet (192.168.0.102:80). Is this correct?
>> >
>> > Thank you.
>> >
>> >
>> > On Tue, Feb 19, 2013 at 12:47 AM, Juli Mallett <juli at clockworksquid.com>
>> > wrote:
>> >>
>> >> Your understanding sounds correct to me at a glance.  A diagram may be
>> >> more helpful than text, though.
>> >>
>> >> Your client and server should be separate machines, whether on the
>> >> same LAN or with a WAN in between them.  SSH is just being used here
>> >> to encrypt and authenticate the traffic between the client and server,
>> >> and to forward ports on localhost so that you don't have to have ports
>> >> listening where something else could connect to them.
>> >>
>> >> If that's confusing or unnecessary for your testing, I would suggest
>> >> that you remove the SSH port forwarding from the picture entirely.
>> >> It's not necessary for correct operation, and seems to be more of a
>> >> stumbling block than I had assumed when I used it in the example on
>> >> the website.
>> >>
>> >> Thanks,
>> >> Juli.
>> >>
>> >> On Tue, Feb 19, 2013 at 12:19 AM, Boxiang Pan <aquarypbx at gmail.com>
>> >> wrote:
>> >> > Hi,
>> >> >
>> >> > I am still having some doubts understanding the first example
>> >> > (proxying
>> >> > over
>> >> > ssh) at wanproxy.org/examples.shtml.
>> >> >
>> >> > Please correct me if I am wrong. From my understanding, we have a
>> >> > client
>> >> > machine, on which we have client.conf and run wanproxy -c
>> >> > client.conf.
>> >> > In
>> >> > the client.conf, it listens on if0.host on port if0.port, then
>> >> > forward
>> >> > the
>> >> > connection to peer0.host on peer0.port.
>> >> >
>> >> > Next, we have a server machine, on which we have server.conf. In
>> >> > server.conf, it listens incoming connection on if0.host on if0.port (
>> >> > This
>> >> > implies that "peer0.host, peer0.port" in client.conf should be the
>> >> > same
>> >> > as
>> >> > "if0.host, if0.port" in server.conf) , and forward the connection to
>> >> > peer0.host ("intranet" in the example) on peer0.port. Finally, on the
>> >> > server
>> >> > machine, we run "ssh -L 3301:localhost:3301 username at server wanproxy
>> >> > -c
>> >> > server.conf " , where the username is the login name of the server
>> >> > machine.
>> >> > (question: what should localhost in the above command be if my client
>> >> > and
>> >> > server are separate machines on the same LAN?)
>> >> >
>> >> > Besides the server and the client, we also have a third machine
>> >> > "intranet",
>> >> > that listens on "peer0.port" in the server.conf ( 80 in the example).
>> >> > This
>> >> > machine does not need to have wanproxy installed.
>> >> >
>> >> > What we did here was to forward everything that goes to "if0.host ,
>> >> > if0.port"  in client.conf , by the proxy at "if0.host, if0.port" in
>> >> > server.conf,  to the "intranet" machine at port 80.  For example, if
>> >> > I
>> >> > type
>> >> > "ssh user at 127.0.0.1 -p 3300", it will actually connect to "intranet"
>> >> > on
>> >> > port
>> >> > 80.
>> >> >
>> >> > Please correct me if I am wrong. Thank you very much.
>> >> >
>> >> > --
>> >> > Boxiang Pan
>> >> >
>> >> > Department of Electrical and Computer Engineering
>> >> > University of California, San Diego
>> >> > Tel: 858-999-7655
>> >> >
>> >> >
>> >
>> >
>> >
>> >
>> > --
>> >
>> > Boxiang Pan
>> >
>> > Department of Electrical and Computer Engineering
>> > University of California, San Diego
>> >
>> >
>> >
>
>
>
>
> --
> 潘博翔
> Boxiang Pan
>
> Department of Electrical and Computer Engineering
> University of California, San Diego
> Tel: 858-999-7655
>
>