Q: I'm not real sure what httptunnel can be used for exactly?  
A: It's a generic tool for sending data in and out through an HTTP proxy. This is not very useful in itself, so you must run another program which uses this data "tunnel". For example, you could use telnet to log in on a computer ouside the proxy.  
Q: How do I get this going through a proxy?  
A: On the server you must run hts. If I wanted to have port 80 (http) redirect all traffic to port 23 (telnet) then it would go something like: 


hts -F server.test.com:23 80


On the client you would run htc. If you are going through a proxy, the -P option is needed,otherwise omit it. 


htc -P proxy.corp.com:80 -F 23 server.test.com:80


Then telnet localhost and it will redirect the traffic out to port 80 on the proxy server and on to port 80 of the server, then to port 23. 
 
Q: httptunnel craches my SuSE 5.3 box, why?  
A: I don't know, but upgrading to 6.0 seems to help.  
Q: I'm responsible for network security in our company. My question is: are there any characteristics of the communication that may be detected at the proxy?  
A: Maybe. I make no guarantees. Use the source.  
Q: I wrote 'hts -d /dev/ptyq1' but 'cat </dev/ptyq1' returns an error.  
A: Use 'cat </dev/ttyq1' instead.  
Q: My friend runs hts at port 8888, but when I try to connect to it, there is no response.  
A: As for now, hts can't handle multiple tunnels. You must run your own instance of hts listening to another port.  
Q: Is there a Windows/95/98/NT version?  
A: It's possible to build and run httptunnel in the Cygwin environment. See http://sourceware.cygnus.com/cygwin/.  
Q: Are there binaries of httptunnel for win32(Windows/95/98/NT) anywhere?  
A: On the homepage, there is a link to someone maintaining win32 binaries.  
Q: Is there a Macintoch version?  
A: Not that I know of.  
Q: My firewall requires HTTP user authentication (which is currently not supported by httptunnel). Do you plan to add something like that?  
A: Yes.  
Q: How hard would it be to implement "hts" as a cgi running on a normal web server?  
A: hts can't be called directly from the HTTP server, because hts will service many connections during the lifetime of the tunnel. If the HTTP server executed a new instance of hts every time a new request was made, each new hts wouldn't have access to the prior state of the tunnel. 

However, a CGI proxy which forwards the requests to a normal hts listening to a port != 80 whould most probably be quite trivial to implement. 
 
Q: Have you thought of using HTTPS?  
A: It has been suggested, but I'd rather avoid all the nasty export restrictions. You can use external software to get an encrypted tunnel.  
Q: On REMOTE (brugd.ctrl-c.liu.se) I do the following: 


hts -F localhost:23 8888


This worked the first time, but never since... now I only get: 


hts: couldn't create tunnel


 
A: The first hts is still running in the background.  
Q: On LOCAL (dhcp-XXX.enea.se) I do: 


htc -F 2323 -P http://internwebb/proxy2.pac:8000 brugd.ctrl-c.liu.se:8888


Now, I try: 


[root@localhost httptunnel-1.101]# telnet localhost 2323
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused


 
A: [Christian Brideau] http://internwebb/proxy2.pac:8000 is not exactly the proxy's adress. This is the location of the Proxy-Auto-Configure (PAC) file. This file contains the adress of the proxy server. To discover the real adress, just go to an external web page using a browser and then use netstat to figure out what adress your browser is using.  
Q: Why does 'configure' fail on HP-UX?  
A: Because you haven't installed gcc. If 


CFLAGS=-O ./configure


doesn't work, you must get gcc, or at least an ANSI C compiler. 
 
Q: When I use SSH (or VNC, or <insert other program here>) over GNU httptunnel, the program locks up after a few minutes (or hours). When I close the program and attempt to reconnect, SSH times out. What's wrong?  
A: Your httptunnel connection has failed on the client end (possibly due to network congestion), but the server end has not recognized that the connection has been lost and won't allow another connection until the first connection times out. To establish a more stable tunnel, try experimenting with the various options for the htc and hts programs. The following settings seem to work pretty well for me, but your mileage may vary: 


hts -S --max-connection-age 20000 -F localhost:22 8890



htc -F 8890 --strict-content-length -B 5k --max-connection-age 2000 -P proxy.mycompany.com:8080 10.1.1.1:8890


 
Q: Okay, I've found some settings that seem to work for me, but I still get "locked out" on occasion and have to wait for the server end (hts) to time out. Is there any way to reestablish the tunnel without waiting for hts to timeout?  
A: Set up at least two tunnels. After the first tunnel hangs, connect to the ffserver machine using SSH (or Telnet if you don't care about security) and manually kill the instance of the hts server that is hung and recreate the tunnel by running hts again. Then you should be able to reconnect to the original tunnel. BE SURE TO KILL THE TUNNEL THAT IS HUNG UP, NOT THE ONE TO WHICH YOU ARE CONNECTED! How do you do this? Here is an example of how to do this on Linux. [On a Windows server, a similar technique should work, but it may be more difficult to distinguish between separate instances of hts on Windows because Task Manager only displays the name of the program (hts) and not the full command that launched it.] 


#Use the 'w' option to see the entire line
#so that you can determine which instance of
#hts to kill depending on the port number.
$ ps aux w|grep hts
my_user_name  7268  0.0  0.3  1692  768 ?        S    Sep24   0:00 hts -S -F localhost:22 8890
my_user_name  7270  0.0  0.2  1692  744 ?        S    Sep24   0:00 hts -S -F localhost:22 8891
my_user_name 10515  0.0  0.2  1692  720 ?        S    15:37   0:00 hts -S -F localhost:22 8889
my_user_name 10549  0.0  0.2  1624  616 pts/2    S    15:40   0:00 grep hts

#assuming that the httptunnel on port 8889 is the one     
#that has hung up
$ kill 10515

#restart hts with the same options to
#reestablish the tunnel.
$ hts -S -F localhost:22 8889


Once you have reestablished the tunnel, your existing instance of htc on the client should be able to reestablish the tunnel without any additional steps. If in doubt, you could also kill htc on the client and rerun htc, but I have not generally found that to be necessary. 
 
Q: Why do I keep getting errors like the ones listed below in my Application Event Log while using htc on Windows? What does "HTTP error -503" mean? 

9/24/2001 2:10:15 PM htc Error None 0 N/A MYPC_NAME The description for Event ID ( 0 ) in Source ( htc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: htc : Win32 Process Id = 0x6BC : Cygwin Process Id = 0x6BC : exit with status = 1. 

9/24/2001 2:10:15 PM htc Error None 0 N/A MYPC_NAME The description for Event ID ( 0 ) in Source ( htc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: htc : Win32 Process Id = 0x6BC : Cygwin Process Id = 0x6BC : couldn't open tunnel: I/O error. 

9/24/2001 2:10:15 PM htc Error None 0 N/A MYPC_NAME The description for Event ID ( 0 ) in Source ( htc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: htc : Win32 Process Id = 0x6BC : Cygwin Process Id = 0x6BC : http_error_to_errno: HTTP error -503. 

9/24/2001 2:10:15 PM htc Error None 0 N/A MYPC_NAME The description for Event ID ( 0 ) in Source ( htc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: htc : Win32 Process Id = 0x6BC : Cygwin Process Id = 0x6BC : tunnel_in_connect: HTTP error 503. 
 
A: HTTP 503 is the standard HTTP error that means "Service Unavailable." In this case, it means that the htc client cannot connect to the server. In the example above, the hts program had not yet been started on ther server side, but the same error might indicate other types of network or server errors.