Re: netcat as an http proxy server
From: Alan Connor (zzzzzz_at_xxx.yyy)
Date: 06/20/04
Date: Sun, 20 Jun 2004 20:36:24 GMT
On Sun, 20 Jun 2004 15:16:01 +0200, noone <noone@nowhere.com> wrote:
>
>
> Hi,
>
> I want to use netcat as an http proxy. So I type the command
>
> nc -l -p 1234 localhost 19080
>
> Then in another window I type
>
> nc localhost 1234
>
> But then, immediately, the server in the first window stops with the
> following error:
>
> invalid connection to [127.0.0.1] from (UNKNOWN) [127.0.0.1] 32805
>
> What's wrong?

I'd check my firewall for a SYN packet block.

If you are using iptables, run iptables --list and you may see something
like:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN

Or, if you have a telnetd running, try to connect to it at 127.0.0.1 and
you probably won't be able to.

    netcat -v -v 127.0.0.1 23

>
> Thanks for your help,
>
> David.
>

I use netcat a little, and find it fascinating, but there isn't much
in the way of docs around. Searched hi and lo on the inet.

Would appreciate it if you'd describe what all the arguments in

    nc -l -p 1234 localhost 19080

mean. I can see that you are listening on local port 1234, but the
rest isn't clear. Is 19080 the remote port that the connection is
listening for? Why 'localhost'? Isn't that redundant with the -p
option specified?

This is the only part of the nc README that refers to 'localhost':
You can use netcat to protect your own workstation's X server against outside
access. X is stupid enough to listen for connections on "any" and never tell
you when new connections arrive, which is one reason it is so vulnerable. Once
you have all your various X windows up and running you can use netcat to bind
just to your ethernet address and listen to port 6000. Any new connections
from outside the machine will hit netcat instead your X server, and you get a
log of who's trying. You can either tell netcat to drop the connection, or
perhaps run another copy of itself to relay to your actual X server on
"localhost". This may not work for dedicated X terminals, but it may be
possible to authorize your X terminal only for its boot server, and run a relay
netcat over on the server that will in turn talk to your X terminal. Since
netcat only handles one listening connection per run, make sure that whatever
way you rig it causes another one to run and listen on 6000 soon afterward, or
your real X server will be reachable once again. A very minimal script just
to protect yourself could be

    while true ; do
      nc -v -l -s <your-addr> -p 6000 localhost 2
    done

which causes netcat to accept and then close any inbound connection to your
workstation's normal ethernet address, and another copy is immediately run by
the script. Send standard error to a file for a log of connection attempts.
If your system can't do the "specific bind" thing all is not lost; run your
X server on display ":1" or port 6001, and netcat can still function as a probe
alarm by listening on 6000.
endquote
AC
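
The README excerpt above suggests sending netcat's standard error to a file as a log of connection attempts. The following is an added example, not part of the original post or of netcat: it summarizes such a log per source address, assuming the lines have the shape of the "invalid connection to ..." error quoted in the post. The "connect to ..." variant for accepted connections and the sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Line shape taken from the error quoted in the post:
#   invalid connection to [127.0.0.1] from (UNKNOWN) [127.0.0.1] 32805
# The "connect to ..." form for accepted connections is an assumption.
LINE_RE = re.compile(
    r"^(?P<kind>invalid connection|connect) to \[(?P<local>[^\]]+)\] "
    r"from (?P<name>\S+) \[(?P<peer>[^\]]+)\] (?P<sport>\d+)$"
)

def parse_line(line):
    """Return a dict for one connection line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "accepted": m["kind"] == "connect",
        "local": m["local"],       # address the listener was bound to
        "peer": m["peer"],         # source address of the attempt
        "peer_name": m["name"],    # resolved name, or (UNKNOWN)
        "sport": int(m["sport"]),  # source port of the attempt
    }

def summarize(lines):
    """Count rejected and accepted connection attempts per source address."""
    counts = {"rejected": Counter(), "accepted": Counter()}
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # banner lines, blank lines, anything unrecognized
        counts["accepted" if event["accepted"] else "rejected"][event["peer"]] += 1
    return {kind: dict(c) for kind, c in counts.items()}

# Constructed sample log (documentation addresses), not real capture data.
SAMPLE_LOG = """\
listening on [192.0.2.10] 6000 ...
invalid connection to [192.0.2.10] from (UNKNOWN) [198.51.100.7] 40112
invalid connection to [192.0.2.10] from (UNKNOWN) [198.51.100.7] 40113
invalid connection to [192.0.2.10] from (UNKNOWN) [203.0.113.5] 51000
invalid connection to [127.0.0.1] from (UNKNOWN) [127.0.0.1] 32805
""".splitlines()

if __name__ == "__main__":
    for kind, per_peer in summarize(SAMPLE_LOG).items():
        for peer, n in sorted(per_peer.items(), key=lambda kv: -kv[1]):
            print(f"{kind:9} {peer:15} {n}")
```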