我可以使用http隧道通过带防火墙的代理来ping或traceroute吗? [英] Can I use http tunnel to ping or traceroute through a proxy with firewall?

问题描述

我不知道是否有办法在我的LAN代理外部ping一个目标，该目标仅通过鱿鱼代理接受Http请求...我在某处读到一种解决此类问题的方法是使用http隧道因此代理仍然将请求视为Http请求.我可以用它来ping http://www.google.com吗，否则由于防火墙拒绝了该请求而出现以下错误:

I don't know if there is a way to ping a target outside my LAN proxy which accepts only Http requests through a squid proxy... I read somewhere that one way to deal with such problem is to use a http tunnel so that the proxy still sees the request as a Http request. Can I use this to ping,say, www.google.com which otherwise is giving the following error because the firewall is rejecting the request:

$ ping www.google.com
ping: unknown host www.google.com

如果是这样，怎么做...?

If so how is it done...?

我已经安装了httptunnel.任何使用它的帮助将不胜感激.

I have installed httptunnel.Any help in how to use it will be much appreciated.

推荐答案

否. Ping和traceroute使用较低层的网络协议(特别是第4层协议的ICMP和/或UDP)，并且无法在HTTP(第7层)隧道上工作.无论如何，即使您可以说服HTTP代理为您打开一个原始TCP会话(这是某些HTTP隧道的工作方式)，您也不会收到必要的数据包以确认主机可以访问. (如果是ping，则为ICMP回声回复；如果是traceroute，则为生存时间已过期的ICMP数据包)

No. Ping and traceroute make use of lower layer network protocols (ICMP and/or UDP, in particular, which are layer 4 protocols) and will not work over an HTTP (layer 7) tunnel. In any case, even if you could convince the HTTP proxy to open a raw TCP session for you (which is how some HTTP tunneling works) you would not receive the necessary packets to confirm that the host is reachable. (ICMP echo reply, in the case of ping, or the time-to-live expired ICMP packets in the case of traceroute)

要在这种情况下测试连接性，我认为您可以做的最好是HTTP"ping". (尝试与远程主机建立HTTP连接，然后查看它是否有效.)例如，您可以执行以下操作:

To test for connectivity in this situation, I think the best you can do is an HTTP "ping". (Try to establish an HTTP connection with the remote host and see if it works.) For example, you could do something like:

$ http_proxy=http://webproxy.example.com:3128 \
> curl -I http://google.com/ > /dev/null 2>&1 \
> && echo success || echo failure

假设您已安装curl，如果通过代理可以访问google.com，则会显示成功"，否则显示失败".

Assuming you have curl installed, this would print "success" if google.com is reachable through your proxy and "failure" if not.

这篇关于我可以使用http隧道通过带防火墙的代理来ping或traceroute吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！