understanding example (proxying over ssh)

Boxiang Pan aquarypbx at gmail.com
Tue Feb 19 23:45:52 PST 2013


Hi, Juli,

As the first step, we just want to make sure that we setup and run wanproxy
correctly .

Here's what it shows when client started running:
[image: Inline image 1]

Here's the server when it started running:
[image: Inline image 2]

I then run on the "intranet" machine
 " root at kvmtest:~# nc -l 80 > received.file "

then run on the client machine:
 " root at kvmtest:~# nc 127.0.0.1 3300 < send.file

As soon as I hit enter, I got this error from wanproxy on my client machine
:
[image: Inline image 3]

Our client , server, and intranet are 3 virtual machines on one physical
machine , with ip address 192.168.122.10,  192.168.122.20, and
192.168.122.30.

What might have caused the error?

Thank you.

On Tue, Feb 19, 2013 at 10:03 PM, Juli Mallett <juli at clockworksquid.com>wrote:

> Hi Boxiang,
>
> Well, I suppose it depends how you intend to evaluate/test/deploy
> WANProxy.  If you are going to be using it for HTTP traffic, you
> should set up a webserver on 'intranet'.  Whatever webserver you would
> use should be fine.
>
> If you just want to see it working, start netcat (nc) listening on
> port 80 on intranet, piped to dd to /dev/null.  Then start netcat on
> the client to connect to WANProxy, with its input coming from dd from
> a file, or /dev/zero, or whatever is most appropriate for your test.
> When that's done, do the test again, and see if the results are
> different.  Choose a big file so that you have time to use tcpdump or
> netstat or ntop to watch data going over the wire.
>
> You could also have the WANProxy server connect to a service running
> on server.  If all of the systems are on the same LAN, you will not
> see any performance improvement, because server getting the content
> from intranet should be no different to client getting the content
> from intranet.
>
> What do you want to demonstrate or test about WANProxy?  To just test
> that it's "working", use netcat, and have the server connect to netcat
> running on the server as well.  That way you should be able to
> transfer data faster than line rate.
>
> On Tue, Feb 19, 2013 at 9:39 PM, Boxiang Pan <aquarypbx at gmail.com> wrote:
> > Hi, Juli,
> >
> > I've created the server and client conf files, and both the server side
> and
> > the client side wanproxy seem to be running. You mentioned that I can
> send
> > some random files over http to the client and wanproxy will forward it to
> > the "intranet:80".  I am not sure how should I do this, plus, should
> there
> > be some process (eg: apache webserver) running on the intranet and
> listening
> > on port 80 before I can send some random file to it? Could you please be
> > more specific about how I may test to see if wanproxy is working
> correctly?
> >
> > Thank you.
> >
> >
> > On Tue, Feb 19, 2013 at 11:53 AM, Juli Mallett <juli at clockworksquid.com>
> > wrote:
> >>
> >> Boxiang,
> >>
> >> That looks exactly right to me.  Is it working for you in practice?
> >>
> >> Thanks,
> >> Juli.
> >>
> >> On Tue, Feb 19, 2013 at 11:50 AM, Boxiang Pan <aquarypbx at gmail.com>
> wrote:
> >> > Hi, Juli,
> >> >
> >> > We will remove the ssh forwarding part then.  Here's a digram with our
> >> > conf
> >> > files that I drew to show what I meant in the previous email. So all
> >> > traffic
> >> > that goest to "127.0.0.1:3300" on the client machine (192.168.0.100)
> >> > will be
> >> > forward to the server (192.168.0.101:3301) , and then the server will
> >> > forward the traffic to the intranet (192.168.0.102:80). Is this
> correct?
> >> >
> >> > Thank you.
> >> >
> >> >
> >> > On Tue, Feb 19, 2013 at 12:47 AM, Juli Mallett <
> juli at clockworksquid.com>
> >> > wrote:
> >> >>
> >> >> Your understanding sounds correct to me at a glance.  A diagram may
> be
> >> >> more helpful than text, though.
> >> >>
> >> >> Your client and server should be separate machines, whether on the
> >> >> same LAN or with a WAN in between them.  SSH is just being used here
> >> >> to encrypt and authenticate the traffic between the client and
> server,
> >> >> and to forward ports on localhost so that you don't have to have
> ports
> >> >> listening where something else could connect to them.
> >> >>
> >> >> If that's confusing or unnecessary for your testing, I would suggest
> >> >> that you remove the SSH port forwarding from the picture entirely.
> >> >> It's not necessary for correct operation, and seems to be more of a
> >> >> stumbling block than I had assumed when I used it in the example on
> >> >> the website.
> >> >>
> >> >> Thanks,
> >> >> Juli.
> >> >>
> >> >> On Tue, Feb 19, 2013 at 12:19 AM, Boxiang Pan <aquarypbx at gmail.com>
> >> >> wrote:
> >> >> > Hi,
> >> >> >
> >> >> > I am still having some doubts understanding the first example
> >> >> > (proxying
> >> >> > over
> >> >> > ssh) at wanproxy.org/examples.shtml.
> >> >> >
> >> >> > Please correct me if I am wrong. From my understanding, we have a
> >> >> > client
> >> >> > machine, on which we have client.conf and run wanproxy -c
> >> >> > client.conf.
> >> >> > In
> >> >> > the client.conf, it listens on if0.host on port if0.port, then
> >> >> > forward
> >> >> > the
> >> >> > connection to peer0.host on peer0.port.
> >> >> >
> >> >> > Next, we have a server machine, on which we have server.conf. In
> >> >> > server.conf, it listens incoming connection on if0.host on
> if0.port (
> >> >> > This
> >> >> > implies that "peer0.host, peer0.port" in client.conf should be the
> >> >> > same
> >> >> > as
> >> >> > "if0.host, if0.port" in server.conf) , and forward the connection
> to
> >> >> > peer0.host ("intranet" in the example) on peer0.port. Finally, on
> the
> >> >> > server
> >> >> > machine, we run "ssh -L 3301:localhost:3301 username at serverwanproxy
> >> >> > -c
> >> >> > server.conf " , where the username is the login name of the server
> >> >> > machine.
> >> >> > (question: what should localhost in the above command be if my
> client
> >> >> > and
> >> >> > server are separate machines on the same LAN?)
> >> >> >
> >> >> > Besides the server and the client, we also have a third machine
> >> >> > "intranet",
> >> >> > that listens on "peer0.port" in the server.conf ( 80 in the
> example).
> >> >> > This
> >> >> > machine does not need to have wanproxy installed.
> >> >> >
> >> >> > What we did here was to forward everything that goes to "if0.host ,
> >> >> > if0.port"  in client.conf , by the proxy at "if0.host, if0.port" in
> >> >> > server.conf,  to the "intranet" machine at port 80.  For example,
> if
> >> >> > I
> >> >> > type
> >> >> > "ssh user at 127.0.0.1 -p 3300", it will actually connect to
> "intranet"
> >> >> > on
> >> >> > port
> >> >> > 80.
> >> >> >
> >> >> > Please correct me if I am wrong. Thank you very much.
> >> >> >
> >> >> > --
> >> >> > Boxiang Pan
> >> >> >
> >> >> > Department of Electrical and Computer Engineering
> >> >> > University of California, San Diego
> >> >> > Tel: 858-999-7655
> >> >> >
> >> >> >
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> >
> >> > Boxiang Pan
> >> >
> >> > Department of Electrical and Computer Engineering
> >> > University of California, San Diego
> >> >
> >> >
> >> >
> >
> >
> >
> >
> > --
> > 潘博翔
> > Boxiang Pan
> >
> > Department of Electrical and Computer Engineering
> > University of California, San Diego
> > Tel: 858-999-7655
> >
> >
>



-- 
潘博翔
Boxiang Pan

Department of Electrical and Computer Engineering
University of California, San Diego
Tel: 858-999-7655
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wanproxy.org/pipermail/wanproxy-wanproxy.org/attachments/20130219/2eac09b8/attachment-0003.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 42385 bytes
Desc: not available
URL: <http://lists.wanproxy.org/pipermail/wanproxy-wanproxy.org/attachments/20130219/2eac09b8/attachment-0009.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 43910 bytes
Desc: not available
URL: <http://lists.wanproxy.org/pipermail/wanproxy-wanproxy.org/attachments/20130219/2eac09b8/attachment-0010.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 55585 bytes
Desc: not available
URL: <http://lists.wanproxy.org/pipermail/wanproxy-wanproxy.org/attachments/20130219/2eac09b8/attachment-0011.png>


More information about the wanproxy mailing list