A Perl Proxy Program

 

What? Why? How?

If you are behind a firewall which does not route packets from a local network to the internet, you cannot make your palace (or any other services for that matter) running behind the firewall available to the outside world. When run on the gateway box, the following scripts get around this problem.

To see how this works, consider what I have set up. On my local network, behind the gateway box (virtual.dyc.edu), I have a Mac (evilsprite) running a palace on port 9998 and a web page on port 80. Virtual is not routing packets between its local net and the internet, so to make these services available to the outside, I use the following scripts to map evilsprite's palace service onto port 29998 on virtual, and its web service onto port 20080 on virtual. In other words, to connect to the palace on evilsprite from the internet, one connects to palace://virtual.dyc.edu:29998. Similarly, to get to the web page on evilsprite, one directs one's browser to http://virtual.dyc.edu:20080. (These may not be up right now, but they were when I wrote this.)

In brief, what the perl script does, is it listens on port 20080 (say) for incoming connections. Once a socket connection is established with the remote host, the script then establishes a second socket connection with the local host running its service on port 80 (say). Data is then simply streamed between the two sockets. Multiple connections are handled by forking children processes which take care of established connections, while the parent listens for new ones. Since there may be several services you wish to proxy, there is a start up script (start-proxies) which reads a configuration file (proxies.conf) and for each service to be proxied, starts up a proxying thread (start-service). You can also check the status of what is being proxied (status-proxies), and you can shut off all proxying (stop-proxies).

Here are the perl scripts and configuartion file. You should not have to edit anything except the proxies.conf file to suite your local network setup.

start-proxies (Please read the terms of use!)

proxies.conf (Please read the terms of use!)

start-service (Please read the terms of use!)

status-proxies (Please read the terms of use!)

stop-proxies (Please read the terms of use!)

Take off the .txt extension after downloading, and put all the files into the same directory on the gateway box. Then:

0. Make sure to set the correct privileges on the executables. (Do a chmod +x on the perl scripts.) Make sure you have perl on your system and that it is located at /usr/bin/perl. If not, find where it is (do a which perl) and change the first line of the perl scripts. If you don't have perl, install it!!!

1. Edit the proxies.conf file to suite your local net. The fields are self explanatory. If you want a service running on port 80 on the local box (evilsprite, say) to be mapped to port 20080 on the gateway box, then the entry is:

Web Service:evilsprite:80:20080

Note the fields are delimited by a colon. Everything after a # is treated as a comment, and blank lines are ignored. The first field is for human's only and adds to the legibility of the conf file.

(Aside: If you are running a palace, remember that the outside world only sees the gateway box and port for the various services proxied out. So set the URL, HTTP_URL and AVATAR_URL fields in the pserver.prefs accordingly, i.e. to the setting a client on the internet needs to get at those services. Here's an example example of a palace proxied out through virtual on port 29998, but whose palace httpd service is proxied out on port 29990: pserver.prefs.)

2. Do not run as root! As with all communication software, run it setuid to some limited user, like nobody. (Do a su nobody before starting the proxies.) Then, in the directory with the above files, do

./start-proxies

3. To see if your proxies are working, do

./status-proxies

Note that you may see multiple threads running for the same proxied service. This is because at any given time, there may be several active connections --- except for the parent, each thread corresponds to an active connection.

4. To stop all the proxing threads, do

./stop-proxies

The scripts generate logs in the form of evilsprite.80.20080.log for the proxied service mapped from port 80 on evilsprite to 20080 on the gateway box. All connections are logged.

ADDED GOODIE: Here's a Sys V style init script which you can install so that your proxy services start up automatically when rebooting or entering a given runlevel:proxies. The script is installed similarly to the one I wrote for palace, available here.

Happy sys admining, and email comments to noname@virtual.dyc.edu