1PROXYTUNNEL(1)                                                  PROXYTUNNEL(1)
2
3
4

NAME

6       proxytunnel - program to tunnel a connection through a standard HTTPS
7       proxy
8

SYNOPSIS

10       proxytunnel [OPTION]...
11

DESCRIPTION

13       proxytunnel is a program to tunnel any connection through a standard
14       HTTPS proxy, circumventing standard HTTP filtering mechanisms. It’s
15       mostly used as a backend for OpenSSH’s ProxyCommand, and as a proxy
16       backend for Putty. It can also be used for other proxy-traversing
17       purposes like proxy bouncing.
18

OPTIONS

20       -i, --inetd
21           Run from inetd (default: off)
22
23       -a, --standalone=port
24           Run as standalone daemon on specified port
25
26       -p, --proxy=host:_port_
27           Use host and port as the local proxy to connect to, if not
28           specified the HTTP_PROXY environment variable, if set, will be used
29           instead
30
31       -r, --remproxy=host:_port_
32           Use host and port as the remote (secondary) proxy to connect to
33
34       -d, --dest=host:_port_
35           Use host and port as the destination for the tunnel, you can also
36           specify them as the argument to the proxytunnel command
37
38       -e, --encrypt
39           SSL encrypt data between local proxy and destination
40
41       -E, --encrypt-proxy
42           SSL encrypt data between client and local proxy
43
44       -X, --encrypt-remproxy
45           SSL encrypt data between local and remote (secondary) proxy
46

ADDITIONAL OPTIONS

48       -F, --passfile=filename
49           Use filename for reading username and password for HTTPS proxy
50           authentication, the file uses the same format as .wgetrc and can be
51           shared with wget. Use this option, or environment variables to hide
52           the password from other users
53
54       -P, --proxyauth=username:_password_
55           Use username and password as credentials to authenticate against a
56           local HTTPS proxy, the username and password can also be specified
57           in the PROXYUSER and PROXYPASS environment variables to hide them
58           from other users. If the password is ommited and no PROXYPASS
59           environment variable is set, proxytunnel will prompt for a password
60
61       -R, --remproxyauth=username:_password_
62           Use username and password as credentials to authenticate against a
63           remote (secondary) HTTPS proxy, the username and password can also
64           be specified in the REMPROXYUSER and REMPROXYPASS environment
65           variables to hide them from other users. If the password is ommited
66           and no REMPROXYPASS environment variable is set, proxytunnel will
67           prompt for a password
68
69       -N, --ntlm
70           Use NTLM basd authentication
71
72       -t, --domain=STRING
73           Specify NTLM domain (default: autodetect)
74
75       -H, --header=STRING
76           Add additional HTTP headers to send to proxy
77
78       -x, --proctitle=STRING
79           Use a different process title
80

MISCELLANEOUS OPTIONS

82       -v, --verbose
83           Turn on verbosity
84
85       -q, --quiet
86           Suppress messages
87
88       -h, --help
89           Print help and exit
90
91       -V, --version
92           Print version and exit
93

ARGUMENTS

95       host:_port_ is the destination hostname and port number combination
96
97           Note
98           Specifying the destination as arguments is exactly the same as
99           specifying them using the -d or --dest option.
100

USAGE

102       Depending on your situation you might want to do any of the following
103       things:
104
105       ·   Connect through a local proxy to your home system on port 22
106
107               $ proxytunnel -v -p proxy.company.com:8080 -d system.home.nl:22
108
109       ·   Connect through a local proxy (with authentication) to your home
110           system
111
112               $ proxytunnel -v -p proxy.company.com:8080 -P username:password -d system.home.nl:22
113
114       ·   Connect through a local proxy (with authentication) hiding your
115           password
116
117               $ export PROXYPASS=password
118               $ proxytunnel -v -p proxy.company.com:8080 -P username -d system.home.nl:22
119
120       ·   Connect through a local proxy to a remote proxy and bounce to any
121           system
122
123               $ proxytunnel -v -p proxy.company.com:8080 -r proxy.athome.nl:443 -d system.friend.nl:22
124
125       ·   Connect using SSL through a local proxy to your home system
126
127               $ proxytunnel -v -E -p proxy.company.com:8080 -d system.home.nl:22
128

OPENSSH CONFIGURATION

130       To use this program with OpenSSH to connect to a host somewhere, create
131       a ~/.ssh/config file with the following content:
132
133           Host system.athome.nl
134               ProxyCommand proxytunnel -p proxy.company.com:8080 -d %h:%p
135               ServerAliveInterval 30
136
137
138           Note
139           The ServerAliveInterval directive makes sure that idle connections
140           are not being dropped by intermediate firewalls that remove active
141           sessions aggresively. If you see your connection dropping out, try
142           to lower the value even more.
143
144       To use the dynamic (SOCKS) portforwarding capability of the SSH client,
145       you can specify the DynamicForward directive in your ssh_config file
146       like:
147
148           Host system.athome.nl
149               DynamicForward 1080
150               ProxyCommand proxytunnel -p proxy.company.com:8080 -d %h:%p
151               ServerAliveInterval 30
152

NOTES

154           Important
155           Most HTTPS proxies do not allow access to ports other than HTTPS
156           (tcp/443) and SNEWS (tcp/563). In this case you need to make sure
157           the SSH daemon or remote proxy on the destination system is
158           listening on either tcp/443 or tcp/563 to get through.
159

ENVIRONMENT

161       Proxytunnel can be influenced by setting one of the following
162       environment variables:
163
164       HTTP_PROXY
165           If this environment variable is set, proxytunnel will use it as the
166           local proxy if -p or --proxy is not provided
167
168       PROXYUSER
169           If this environment variable is set, proxytunnel will use it as the
170           username for proxy authentication, unless specified using the -P or
171           --proxyauth option
172
173       PROXYPASS
174           If this environment variable is set, proxytunnel will use it as the
175           password for proxy authentication, unless specified using the -P or
176           --proxyauth option
177
178       REMPROXYUSER
179           If this environment variable is set, proxytunnel will use it as the
180           username for remote (secondary) proxy authentication, unless
181           specified using the -R or --remproxyauth option
182
183       REMPROXYPASS
184           If this environment variable is set, proxytunnel will use it as the
185           password for remote (secondary) proxy authentication, unless
186           specified using the -R or --remproxyauth option
187

SEE ALSO

189           ssh(1), ssh_config(8)
190

BUGS

192       This software is bug-free, at least we’d like to think so. If you do
193       not agree with us, please attach the proof to your friendly email :)
194

AUTHOR

196       This manpage was initially written by Loïc Le Guyader
197       <loic.leguyader@laposte.net[1]> for the Debian GNU/Linux system,
198       revamped in asciidoc by Dag Wieërs <dag@wieers.com[2]> and is now
199       maintained by the Proxytunnel developers.
200
201       Homepage at http://proxytunnel.sourceforge.net/
202

AUTHOR

204       Proxytunnel developers
205           Author.
206

NOTES

208        1. loic.leguyader@laposte.net
209           mailto:loic.leguyader@laposte.net
210
211        2. dag@wieers.com
212           mailto:dag@wieers.com
213
214
215
216  1.9.0                          Augustus 2008                  PROXYTUNNEL(1)
Impressum