Reitwiessner.de
u2nl


What Is It?

First of all, I want to make clear that you are not allowed to use u2nl if your network administrator prohibits its use. u2nl is capable of subverting network security: the network administrator may believe the network is secure when it is not, because this program exploits no security hole but an ordinary proxy feature. So if your network administrator does not want you to make outbound connections to the Internet to arbitrary hosts and ports, you are not allowed to use u2nl to do so.
But now to the fun part ;-)

u2nl (pronounced "u-tunnel", universal tunnel) can tunnel each and every TCP connection from a Linux computer (kernel 2.4 and above, with netfilter) through a firewall, without needing a host behind the firewall to receive the tunnel. It does this by using an https proxy (an HTTP proxy that understands the CONNECT command). That means such a proxy must be reachable from the firewalled host, and it must allow the connections to be tunneled (many https proxies limit the destination port to 443, i.e. https).

Once again: we have two hosts, host A and host B.
Host A is your local Linux computer, to which you have root access. Host B is the firewall that blocks all connections to the Internet but provides an HTTP proxy that understands the CONNECT command and also allows you to make arbitrary connections via that command (this is normally a misconfiguration by the admin of host B). To test this, simply telnet to the proxy, type "CONNECT host:port HTTP/1.0", press return twice, and check the response. u2nl can then automatically and transparently tunnel all connections from host A through the proxy on B to the Internet. Connections from hosts behind host A, for which host A acts as a gateway, are tunneled as well.
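The misconfiguration described above is a proxy that honors CONNECT for any destination port. As an added example (not part of u2nl or of this page), the following shows the check a proxy should apply, and that an administrator can run over logged request lines: parse "CONNECT host:port HTTP/1.x" and allow only an explicit list of ports. The allowed-port policy, the host names and the sample request lines are constructed for this example.

```python
import re
from typing import List, Optional, Tuple

# Constructed policy for this example: honour CONNECT only towards 443 (https),
# the restriction the text says many https proxies already enforce.
ALLOWED_CONNECT_PORTS = frozenset({443})
_REQUEST_LINE = re.compile(r"^CONNECT\s+(\S+)\s+HTTP/1\.[01]$")

def parse_connect_target(request_line: str) -> Optional[Tuple[str, int]]:
    """Parse 'CONNECT host:port HTTP/1.x' into (host, port); None if malformed."""
    m = _REQUEST_LINE.match(request_line.strip())
    if not m:
        return None
    # Split on the last colon so an IPv6 literal such as [::1]:443 still parses.
    host, sep, port_text = m.group(1).rpartition(":")
    if not sep or not host or not port_text.isdigit():
        return None
    port = int(port_text)
    if not 1 <= port <= 65535:
        return None
    return host.strip("[]"), port

def connect_decision(request_line: str, allowed_ports=ALLOWED_CONNECT_PORTS) -> str:
    """Status line a restrictive proxy should answer a CONNECT request with."""
    target = parse_connect_target(request_line)
    if target is None:
        return "HTTP/1.0 400 Bad Request"
    if target[1] not in allowed_ports:
        return "HTTP/1.0 403 Forbidden"
    return "HTTP/1.0 200 Connection established"

def flag_nonstandard_connects(request_lines: List[str], allowed_ports=ALLOWED_CONNECT_PORTS) -> List[Tuple[str, int]]:
    """Targets of well-formed CONNECTs outside the allow-list, for reviewing proxy logs."""
    return [t for t in (parse_connect_target(line) for line in request_lines)
            if t is not None and t[1] not in allowed_ports]

# Constructed sample request lines, not taken from any real proxy log.
SAMPLE_REQUESTS = [
    "CONNECT mail.example.net:443 HTTP/1.0",
    "CONNECT shell.example.org:22 HTTP/1.0",
    "GET http://www.example.com/ HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(f"{line!r} -> {connect_decision(line)}")
    print("flagged:", flag_nonstandard_connects(SAMPLE_REQUESTS))
```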

Usage

I assume you have now found out the IP address and port of the https proxy we use for tunneling. You have to make sure that your Linux host redirects all connections to the port u2nl is listening on. Do something like the following (replace OUTPUT by PREROUTING if the Linux computer is only a gateway):

# iptables -t nat -A OUTPUT -p tcp -d ! <proxy host> -j REDIRECT --to-port <listen port>

Where <proxy host> is the IP address or hostname of the proxy host and <listen port> is the port u2nl will be listening on (you choose it; pick something above 1024). Now start u2nl:

# u2nl <proxy host> <proxy port> <listen port>

Where <proxy port> is the port of the https proxy (normally 8080 or 80) and <listen port> is the same listen port as above, the one u2nl will be listening on. The tunnel should work now.

Download and License

u2nl Version 1.3 (2006-04-12): u2nl-1.3.tar.gz (31 kB)
This archive contains the source code and precompiled binaries for x86 computers. You may use it, but be warned that I take no responsibility for any damage caused by this binary (nor by any binary compiled from the source); it may not even run.

The program is freely distributable under the terms of the GNU General Public License.

Authors

Christian Reitwießner had the initial idea and wrote the first code. Diego Woitasen contributed a patch that fixed some bugs and added some features, and Rutger Nijlunsing fixed an endianness bug.