understanding example (proxying over ssh)

Juli Mallett juli at clockworksquid.com
Tue Feb 19 23:51:03 PST 2013 

Set if0.host to 0.0.0.0 or 192.168.0.101 on the server.  The problem is
that WANProxy on the server is only listening on localhost; you need it to
listen on an interface the client can reach it on.


On Tue, Feb 19, 2013 at 11:45 PM, Boxiang Pan <aquarypbx at gmail.com> wrote:

> Hi, Juli,
>
> As the first step, we just want to make sure that we setup and run
> wanproxy correctly .
>
> Here's what it shows when client started running:
> [image: Inline image 1]
>
> Here's the server when it started running:
> [image: Inline image 2]
>
> I then run on the "intranet" machine
>  " root at kvmtest:~# nc -l 80 > received.file "
>
> then run on the client machine:
>  " root at kvmtest:~# nc 127.0.0.1 3300 < send.file
>
> As soon as I hit enter, I got this error from wanproxy on my client
> machine :
> [image: Inline image 3]
>
> Our client , server, and intranet are 3 virtual machines on one physical
> machine , with ip address 192.168.122.10,  192.168.122.20, and
> 192.168.122.30.
>
> What might have caused the error?
>
> Thank you.
>
> On Tue, Feb 19, 2013 at 10:03 PM, Juli Mallett <juli at clockworksquid.com>wrote:
>
>> Hi Boxiang,
>>
>> Well, I suppose it depends how you intend to evaluate/test/deploy
>> WANProxy.  If you are going to be using it for HTTP traffic, you
>> should set up a webserver on 'intranet'.  Whatever webserver you would
>> use should be fine.
>>
>> If you just want to see it working, start netcat (nc) listening on
>> port 80 on intranet, piped to dd to /dev/null.  Then start netcat on
>> the client to connect to WANProxy, with its input coming from dd from
>> a file, or /dev/zero, or whatever is most appropriate for your test.
>> When that's done, do the test again, and see if the results are
>> different.  Choose a big file so that you have time to use tcpdump or
>> netstat or ntop to watch data going over the wire.
>>
>> You could also have the WANProxy server connect to a service running
>> on server.  If all of the systems are on the same LAN, you will not
>> see any performance improvement, because server getting the content
>> from intranet should be no different to client getting the content
>> from intranet.
>>
>> What do you want to demonstrate or test about WANProxy?  To just test
>> that it's "working", use netcat, and have the server connect to netcat
>> running on the server as well.  That way you should be able to
>> transfer data faster than line rate.
>>
>> On Tue, Feb 19, 2013 at 9:39 PM, Boxiang Pan <aquarypbx at gmail.com> wrote:
>> > Hi, Juli,
>> >
>> > I've created the server and client conf files, and both the server side
>> and
>> > the client side wanproxy seem to be running. You mentioned that I can
>> send
>> > some random files over http to the client and wanproxy will forward it
>> to
>> > the "intranet:80".  I am not sure how should I do this, plus, should
>> there
>> > be some process (eg: apache webserver) running on the intranet and
>> listening
>> > on port 80 before I can send some random file to it? Could you please be
>> > more specific about how I may test to see if wanproxy is working
>> correctly?
>> >
>> > Thank you.
>> >
>> >
>> > On Tue, Feb 19, 2013 at 11:53 AM, Juli Mallett <juli at clockworksquid.com
>> >
>> > wrote:
>> >>
>> >> Boxiang,
>> >>
>> >> That looks exactly right to me.  Is it working for you in practice?
>> >>
>> >> Thanks,
>> >> Juli.
>> >>
>> >> On Tue, Feb 19, 2013 at 11:50 AM, Boxiang Pan <aquarypbx at gmail.com>
>> wrote:
>> >> > Hi, Juli,
>> >> >
>> >> > We will remove the ssh forwarding part then.  Here's a digram with
>> our
>> >> > conf
>> >> > files that I drew to show what I meant in the previous email. So all
>> >> > traffic
>> >> > that goest to "127.0.0.1:3300" on the client machine (192.168.0.100)
>> >> > will be
>> >> > forward to the server (192.168.0.101:3301) , and then the server
>> will
>> >> > forward the traffic to the intranet (192.168.0.102:80). Is this
>> correct?
>> >> >
>> >> > Thank you.
>> >> >
>> >> >
>> >> > On Tue, Feb 19, 2013 at 12:47 AM, Juli Mallett <
>> juli at clockworksquid.com>
>> >> > wrote:
>> >> >>
>> >> >> Your understanding sounds correct to me at a glance.  A diagram may
>> be
>> >> >> more helpful than text, though.
>> >> >>
>> >> >> Your client and server should be separate machines, whether on the
>> >> >> same LAN or with a WAN in between them.  SSH is just being used here
>> >> >> to encrypt and authenticate the traffic between the client and
>> server,
>> >> >> and to forward ports on localhost so that you don't have to have
>> ports
>> >> >> listening where something else could connect to them.
>> >> >>
>> >> >> If that's confusing or unnecessary for your testing, I would suggest
>> >> >> that you remove the SSH port forwarding from the picture entirely.
>> >> >> It's not necessary for correct operation, and seems to be more of a
>> >> >> stumbling block than I had assumed when I used it in the example on
>> >> >> the website.
>> >> >>
>> >> >> Thanks,
>> >> >> Juli.
>> >> >>
>> >> >> On Tue, Feb 19, 2013 at 12:19 AM, Boxiang Pan <aquarypbx at gmail.com>
>> >> >> wrote:
>> >> >> > Hi,
>> >> >> >
>> >> >> > I am still having some doubts understanding the first example
>> >> >> > (proxying
>> >> >> > over
>> >> >> > ssh) at wanproxy.org/examples.shtml.
>> >> >> >
>> >> >> > Please correct me if I am wrong. From my understanding, we have a
>> >> >> > client
>> >> >> > machine, on which we have client.conf and run wanproxy -c
>> >> >> > client.conf.
>> >> >> > In
>> >> >> > the client.conf, it listens on if0.host on port if0.port, then
>> >> >> > forward
>> >> >> > the
>> >> >> > connection to peer0.host on peer0.port.
>> >> >> >
>> >> >> > Next, we have a server machine, on which we have server.conf. In
>> >> >> > server.conf, it listens incoming connection on if0.host on
>> if0.port (
>> >> >> > This
>> >> >> > implies that "peer0.host, peer0.port" in client.conf should be the
>> >> >> > same
>> >> >> > as
>> >> >> > "if0.host, if0.port" in server.conf) , and forward the connection
>> to
>> >> >> > peer0.host ("intranet" in the example) on peer0.port. Finally, on
>> the
>> >> >> > server
>> >> >> > machine, we run "ssh -L 3301:localhost:3301 username at serverwanproxy
>> >> >> > -c
>> >> >> > server.conf " , where the username is the login name of the server
>> >> >> > machine.
>> >> >> > (question: what should localhost in the above command be if my
>> client
>> >> >> > and
>> >> >> > server are separate machines on the same LAN?)
>> >> >> >
>> >> >> > Besides the server and the client, we also have a third machine
>> >> >> > "intranet",
>> >> >> > that listens on "peer0.port" in the server.conf ( 80 in the
>> example).
>> >> >> > This
>> >> >> > machine does not need to have wanproxy installed.
>> >> >> >
>> >> >> > What we did here was to forward everything that goes to "if0.host
>> ,
>> >> >> > if0.port"  in client.conf , by the proxy at "if0.host, if0.port"
>> in
>> >> >> > server.conf,  to the "intranet" machine at port 80.  For example,
>> if
>> >> >> > I
>> >> >> > type
>> >> >> > "ssh user at 127.0.0.1 -p 3300", it will actually connect to
>> "intranet"
>> >> >> > on
>> >> >> > port
>> >> >> > 80.
>> >> >> >
>> >> >> > Please correct me if I am wrong. Thank you very much.
>> >> >> >
>> >> >> > --
>> >> >> > Boxiang Pan
>> >> >> >
>> >> >> > Department of Electrical and Computer Engineering
>> >> >> > University of California, San Diego
>> >> >> > Tel: 858-999-7655
>> >> >> >
>> >> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> >
>> >> > Boxiang Pan
>> >> >
>> >> > Department of Electrical and Computer Engineering
>> >> > University of California, San Diego
>> >> >
>> >> >
>> >> >
>> >
>> >
>> >
>> >
>> > --
>> > 潘博翔
>> > Boxiang Pan
>> >
>> > Department of Electrical and Computer Engineering
>> > University of California, San Diego
>> > Tel: 858-999-7655
>> >
>> >
>>
>
>
>
> --
> 潘博翔
> Boxiang Pan
>
> Department of Electrical and Computer Engineering
> University of California, San Diego
> Tel: 858-999-7655
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wanproxy.org/pipermail/wanproxy-wanproxy.org/attachments/20130219/c3825c40/attachment-0003.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 55585 bytes
Desc: not available
URL: <http://lists.wanproxy.org/pipermail/wanproxy-wanproxy.org/attachments/20130219/c3825c40/attachment-0009.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 43910 bytes
Desc: not available
URL: <http://lists.wanproxy.org/pipermail/wanproxy-wanproxy.org/attachments/20130219/c3825c40/attachment-0010.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 42385 bytes
Desc: not available
URL: <http://lists.wanproxy.org/pipermail/wanproxy-wanproxy.org/attachments/20130219/c3825c40/attachment-0011.png>

More information about the wanproxy mailing list