Previous: , Up: Network   [Contents][Index]

3.12 Tunnelling connections

Polipo is an HTTP proxy; it proxies HTTP traffic, and clients using other protocols should either establish a direct connection to the server or use an ad hoc proxy.

In many circumstances, however, it is not possible to establish a direct connection to the server, for example due to mis-configured firewalls or when trying to access the IPv4 Internet from an IPv6-only host. In such situations, it is possible to have Polipo behave as a tunnelling proxy — a proxy that merely forwards traffic between the client and the server without understanding it. Polipo enters tunnel mode when the client requests it by using the HTTP ‘CONNECT’ method.

Most web browsers will use this technique for HTTP over SSL if configured to use Polipo as their ‘https proxy’. More generally, the author has successfully used it to cross mis-configured firewalls using OpenSSH, rsync, Jabber, IRC, etc.

The variable tunnelAllowedPorts specifies the set of ports that Polipo will accept to tunnel traffic to. It defaults to allowing ssh, HTTP, https, rsync, IMAP, imaps, POP, pops, Jabber, CVS and Git traffic.

It is possible to selectively block tunneled connections, see Forbidden Tunnels