Making a socket connection via a proxy server
heikowu at ceosg.de
Sun Aug 1 16:55:45 CEST 2004
> Fuzzyman wrote:
> > In a nutshell - the question I'm asking is, how do I make a socket
> > conenction go via a proxy server ?
> > All our internet traffic has to go through a proxy-server at location
> > 'dav-serv:8080' and I need to make a socket connection through it.
Am Freitag, 30. Juli 2004 18:51 schrieb Diez B. Roggisch:
> Short answer: Its not possible.
Longer answer: it is possible if you use DNAT on some router between the
computer which opens the request and the destination machine. Check out squid
transparent proxy howtos you can find on the net. The protocol will need
HTTP/1.1 for this, though.
Small example, which clarifies why this is possible:
Computer 1 opens http (port 80) connection to computer 2.
Router 1 sits in the middle, sees a port 80 connection is opened to some
computer 2, and rewrites the incoming packet to have a new destination
address/port (DNAT), namely proxy 1 with port 3128 (standard http-proxy port,
at least for squid), and a new source address/port (SNAT), namely router 1
with some port.
Proxy 1 gets the following (from router 1):
GET /foo.html HTTP/1.1
Proxy 1 opens the connection to www.foo.com port 80 (now, the router sees that
the connection comes from proxy, it must not do address rewriting), gets the
result, and stores it locally.
proxy 1 then sends the packets back to router 1 (because the proxy request
seems to have come from router; if you leave out SNAT in the rewriting step,
it'll seem to have come from the actual computer, and this is fine too, but
then you have to be sure that the return packet also has to go through the
router), and now router 1 does reverse DNAT and SNAT to return the packet to
computer 1, which will see a source address of computer 2 and port 80 on the
computer 1 sees the result, and thinks it came from the outside machine,
although through some SNAT/DNAT the packets actually originated from the
This is basically it.
If you want to implement this, as I said, read up on transparent proxy howtos
for squid. Pretty much every proxy can be made to support this, as with
HTTP/1.1 the Host: header is a required header, and thus the proxy can always
extract the host which was queried from the request, even when it isn't
passed as the others have suggested.
On another note: I assumed you wanted to transparently relay/rewrite HTTP
through the proxy. If you need to open some form of socket connection to the
proxy which is not HTTP, the proxy protocol supports the method CONNECT,
which will simply open up a socket connection which is relayed by the proxy.
But: This cannot be made transparent, except by some deeper magic in the
More information about the Python-list