HTTP CONNECT Proxy server in Go

I implemented an HTTP CONNECT-only proxy server in Go, where the endpoint can be a local executable on the proxy server. Without the executable it's just a standalone HTTP CONNECT proxy server (which can be useful in itself).

It was my first Go program, and I was pleasantly surprised.

I have a desire to do some dynamic redirections based on the requested hostname/port - these redirections would be best served with a shell script.

My exact use-case is that I'd like to be able to connect to VNC ports of KVM VMs in remote datacenters where the host & VNC port may change. I figure it'd be nice to be able to say, "vncviewer appvm01.domain:0" and have the CONNECT to appvm01.domain:5900 look up the VM->host+vncport relationship for that VM. I may have to use tsocks for VNC clients that don't support an HTTP proxy. If I can find a good free VNC client with proxy support for Windows (know of any?) then I can give Windows-only support staff the same functionality.

Anyway, the code's at http://github.com/rmt/httpconnectproxy

— by Robert Thomson, created 13th Mar, 2011, last modified 13th Mar, 2011 | Tags: Tech
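The VM->host+vncport lookup described in the post above, sketched as an added example (not code from httpconnectproxy): a CONNECT target is resolved through a route table, and anything not in the table is refused so the proxy cannot relay to arbitrary hosts. The table contents, backend names, the 5900-5999 port restriction and the function name `resolveConnect` are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// Constructed route table standing in for the VM -> host+vncport lookup.
// All names and ports here are hypothetical.
var routes = map[string]string{
	"appvm01.domain:5900": "kvmhost07.dc1.example:5912",
	"appvm02.domain:5900": "kvmhost03.dc2.example:5904",
}

var errBadRequest, errDenied = errors.New("400 Bad Request"), errors.New("403 Forbidden")

// resolveConnect maps a CONNECT request line to the backend to dial.
// Anything that is not a known VM on a VNC port is refused, so the
// proxy cannot be used as an open relay into the datacenter.
func resolveConnect(requestLine string) (string, error) {
	f := strings.Fields(requestLine)
	if len(f) != 3 || f[0] != "CONNECT" || !strings.HasPrefix(f[2], "HTTP/1.") {
		return "", errBadRequest
	}
	host, port, err := net.SplitHostPort(f[1])
	if err != nil || host == "" {
		return "", errBadRequest
	}
	// Assumption: only VNC displays :0-:99 (TCP 5900-5999) are ever valid.
	p, err := strconv.Atoi(port)
	if err != nil || p < 5900 || p > 5999 {
		return "", errDenied
	}
	// Normalise case, a trailing dot and the port's spelling before the lookup.
	key := net.JoinHostPort(strings.ToLower(strings.TrimSuffix(host, ".")), strconv.Itoa(p))
	if backend, ok := routes[key]; ok {
		return backend, nil
	}
	return "", errDenied
}

func main() {
	fmt.Println(resolveConnect("CONNECT appvm01.domain:5900 HTTP/1.1"))
	fmt.Println(resolveConnect("CONNECT db01.domain:22 HTTP/1.1"))
}
```

A proxy built this way would answer `errDenied` with a 403 and never open a socket for unlisted targets, which also gives one place to log refused CONNECT attempts.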

iptables transparent proxying

Like many other unfortunates in large companies, I have to deal with networking policies that generally make it a right pain in the arse to do my job. Since we still have a job to do, we naturally work around the limitations (which, since everyone has to do it independently, will inevitably lead to under-the-radar security risks, you networking gits!)

Anyway... I just added another tool to my arsenal. I wrote a simple inetd service that works with Linux 2.6's iptables to find the destination IP and port, then passes control to another program (such as netcat-openbsd or connect-proxy). It will call the other program of your choice with the real destination IP and port appended to the argument list. Simple indeed, but powerful.

With appropriate iptables NAT redirects pointing to my xinetd services, I can provide myself with (apparent) proxy-free access to the Internet and into the various DCs with their screwy non-unified access methods. I don't expect the performance to be great with many connections, but being able to connect to arbitrary ports in the DCs w/o custom configuration will make life easier.

TProxyPass is at https://github.com/rmt/tproxypass

— by Robert Thomson, created 9th Jan, 2011, last modified 9th Jan, 2011 | Tags: Tech