Multipurpose Proxy: DeleGate


DeleGate is a universal application-level gateway (proxy server) that can relay most of the fundamental application protocols used on the Internet today, and it runs on most major platforms (Unix, Windows, MacOS X and OS/2). DeleGate mediates communication over various protocols (HTTP, FTP, NNTP, SMTP, POP, IMAP, LDAP, Telnet, SOCKS, DNS, etc.), applying caching and conversion to the mediated data, controlling access from clients and routing toward servers. It translates protocols between clients and servers, applies SSL (TLS) to arbitrary protocols, converts between IPv4 and IPv6, and merges several servers into a single server view with aliasing and filtering. Born as a tiny proxy for Gopher in March 1994, it has steadily grown into a general-purpose proxy server. Besides being a proxy, DeleGate can be used as a simple origin server for some protocols (HTTP, FTP and NNTP).

What is DeleGate?

It is an application level gateway (proxy server)

Mediates between clients and servers with access control

Value-added proxy based on interpretation of application protocols

Supports various protocols based on a common set of mechanisms

Supports multiple platforms with a common source program

Also works as an origin server (and as a client)

Toward a framework of a generic application protocol interpreter

Main Features :-

Easy firewall construction by flexible access control

Flexible application level routing regarding protocols and users

Reduces traffic with a data cache (stored in the protocol's native format)

Improves response time by reusing and sharing connections

Expands accessibility of services by application protocol gatewaying

Expands accessibility of information resources by data translation

Provides virtual views for a space of resources by “mounting”

Mediates between secure and non-secure protocols

Supports extension with value-added services through pluggable “filters”

Application protocols supported by DeleGate :-

FTP (*proxy+origin, cache, mount)

Gopher (*proxy, cache)

HTTP (*proxy+origin, cache, gateway(FTP,Gopher,NNTP,Wais), mount)

NNTP (proxy+origin, cache, gateway(POP), mount, MIME)

POP (*proxy, gateway(NNTP), mount, MIME)

SMTP (*proxy, gateway(NNTP), MIME)

IMAP (*proxy)

Telnet (*proxy, X-Window)

Wais (proxy)

LDAP (*proxy)

LPR (proxy, gateway(FTP))

X-Window (proxy)

CU-SeeMe (proxy)

ICP (proxy, origin)

Access Control :-

When using DeleGate as a proxy on a multi-homed host, with separate network interfaces for the external (xx.xx.xx.xx) and internal (ii.ii.ii.ii) networks, the simplest way to allow access only from the inside is to bind the port that accepts clients to the internal interface:

-Pii.ii.ii.ii:8080

By default, DeleGate allows access from a client host only if the host is on the “local network”. The “local network” is pre-defined as the special host list named “.localnet”. It can be redefined with the HOSTLIST parameter, for example:

HOSTLIST=.localnet:127.0.0.1,192.168.1.0/24

When it is difficult or insufficient to control access based on the IP address or host name of clients, you can use password-based authentication, or certificate-based authentication when using SSL. For example, PAM-based password authentication is enabled like this:

AUTHORIZER=-pam

To enable certificate-based authentication, specify the “-Vrfy” option of the SSLway filter:

STLS="fcl,sslway -Vrfy -CAfile file"

When using DeleGate as a “reverse proxy”, it should be configured so that it cannot be used to reach arbitrary ports and/or hosts not intended by the administrator. The REACHABLE parameter can be combined with any application protocol to restrict the reachable hosts (and ports):

REACHABLE=192.168.1.1:80,127.0.0.1

An HTTP proxy server is designed to carry a very wide range of protocols over it, so it should be configured so that it cannot be used in ways you did not intend. Therefore, by default, DeleGate restricts the protocols that may be carried over it when it acts as an HTTP proxy. It can be configured to allow access strictly to HTTP and HTTPS servers on their standard ports like this:

REMITTABLE=http/80,https/443
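The three controls above (HOSTLIST for which clients may connect, REMITTABLE for which protocol/port pairs may be carried, REACHABLE for which servers may be reached) are easiest to reason about when combined into one policy. The following Python script is an added example written for this page, not DeleGate's own code: it reads parameter lines in the same KEY=value form a dg.conf holds and evaluates sample requests against them. It models only the syntax shown on this page (IPv4 addresses or CIDR prefixes in HOSTLIST, host[:port] entries in REACHABLE, proto[/port] entries in REMITTABLE), denies every protocol when no REMITTABLE is given, and treats 0.0.0.0/0 as "any client"; DeleGate's real defaults and full syntax are not reproduced, and the sample policies and requests are constructed for the demonstration.

```python
"""Model of how DeleGate's HOSTLIST / REACHABLE / REMITTABLE parameters combine.

Added example, not DeleGate's code: a simplified re-implementation of the
three checks so that an intended policy can be examined before deployment.
Assumptions (not DeleGate's documented behaviour): IPv4-only HOSTLIST members,
no REMITTABLE means "deny all", and 0.0.0.0/0 stands for "any client".
"""
import ipaddress


def parse_hostlist(value):
    """'.localnet:127.0.0.1,192.168.1.0/24' -> ('.localnet', [IPv4Network, ...])."""
    name, _, members = value.partition(":")
    nets = [ipaddress.ip_network(m.strip(), strict=False)
            for m in members.split(",") if m.strip()]
    return name, nets


def parse_reachable(value):
    """'192.168.1.1:80,127.0.0.1' -> {('192.168.1.1', 80), ('127.0.0.1', None)}.

    A missing port means any port. IPv6 literals (which contain ':') are out of
    scope for this model.
    """
    allowed = set()
    for item in value.split(","):
        host, _, port = item.strip().partition(":")
        allowed.add((host, int(port) if port else None))
    return allowed


def parse_remittable(value):
    """'http/80,https/443' -> {('http', 80), ('https', 443)}; no port = any port."""
    allowed = set()
    for item in value.split(","):
        proto, _, port = item.strip().partition("/")
        allowed.add((proto, int(port) if port else None))
    return allowed


class ProxyPolicy:
    def __init__(self, hostlist=None, reachable=None, remittable=None):
        self.localnet = parse_hostlist(hostlist)[1] if hostlist else []
        self.reachable = parse_reachable(reachable) if reachable else None
        # Model choice: an absent REMITTABLE denies every protocol.
        self.remittable = parse_remittable(remittable) if remittable else set()

    @classmethod
    def from_lines(cls, lines):
        """Read KEY=value lines; blank lines, comments and -P/-T style options are skipped."""
        params = {}
        for line in lines:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, val = line.partition("=")
            params[key.strip()] = val.strip().strip('"')
        return cls(params.get("HOSTLIST"), params.get("REACHABLE"), params.get("REMITTABLE"))

    def client_allowed(self, client_ip):
        ip = ipaddress.ip_address(client_ip)
        return any(ip in net for net in self.localnet)

    def protocol_allowed(self, proto, port):
        return (proto, port) in self.remittable or (proto, None) in self.remittable

    def target_allowed(self, host, port):
        if self.reachable is None:
            return True  # no REACHABLE: any host and port may be contacted
        return (host, port) in self.reachable or (host, None) in self.reachable

    def decide(self, client_ip, proto, host, port):
        """Return (allowed, reason) for one proxied request."""
        if not self.client_allowed(client_ip):
            return False, "client not in .localnet"
        if not self.protocol_allowed(proto, port):
            return False, f"{proto}/{port} not in REMITTABLE"
        if not self.target_allowed(host, port):
            return False, f"{host}:{port} not in REACHABLE"
        return True, "ok"


# Constructed sample policies: a loose forward proxy, the pinned form from the
# text, and a reverse proxy that only exposes two internal hosts.
FORWARD_LOOSE = ["HOSTLIST=.localnet:127.0.0.1,192.168.1.0/24", "REMITTABLE=http,https"]
FORWARD_PINNED = ["HOSTLIST=.localnet:127.0.0.1,192.168.1.0/24", "REMITTABLE=http/80,https/443"]
REVERSE = ["HOSTLIST=.localnet:0.0.0.0/0", "REMITTABLE=http/80",
           "REACHABLE=192.168.1.1:80,127.0.0.1"]

# Constructed sample requests: (client IP, protocol, destination host, destination port).
SAMPLE_REQUESTS = [
    ("192.168.1.10", "https", "192.168.1.1", 22),   # CONNECT to an SSH port
    ("192.168.1.10", "https", "example.com", 443),
    ("10.0.0.5", "http", "example.com", 80),        # client outside .localnet
    ("203.0.113.5", "http", "192.168.1.1", 80),
    ("203.0.113.5", "http", "192.168.1.2", 80),     # host not in REACHABLE
]

if __name__ == "__main__":
    for label, lines in (("loose", FORWARD_LOOSE), ("pinned", FORWARD_PINNED), ("reverse", REVERSE)):
        policy = ProxyPolicy.from_lines(lines)
        for req in SAMPLE_REQUESTS:
            print(f"{label:8} {req} -> {policy.decide(*req)}")
```

Running it shows the point of pinning ports: with REMITTABLE=http,https a local client is allowed to CONNECT to 192.168.1.1:22 under the https scheme, while the http/80,https/443 form from the text refuses the same request; the reverse-proxy policy shows REACHABLE refusing a host that is not on its list even though the protocol and port are permitted.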

Installation :-

The minimum installation of DeleGate is simply obtaining the DeleGate executable and placing it somewhere on your host.

When you build it from the source distribution, you get an executable named delegated (or delegated.exe on Windows) under the src/ directory.

On its first invocation, DeleGate creates directories to hold files for the log, cache, administration data, and so on under a root directory called DGROOT. DGROOT can be given as a command-line option as DGROOT=path; otherwise it is selected automatically depending on the platform and the user running DeleGate. Check DeleGate's start-up message to see which directory was selected as DGROOT.

% delegated -P8080 SERVER=http

[12345] -P8080 READY

DGROOT=/home/dgowner/delegate

Usage of DeleGate in practice:-

DeleGate as an HTTP proxy:-

Here is a sample configuration for using DeleGate as an HTTP proxy.

In this configuration, DeleGate acts as an HTTP proxy with authentication and caching.

# su - delegate

$ vi /opt/delegate/etc/dg.conf

-P8080

-Tx

DGROOT="/opt/delegate"

SERVER=http

REMITTABLE="http,https/443,gopher,ftp,wais"

CACHE=do

TIMEOUT="shutout:30m"

MAXIMA="randstack:32"

MAXIMA="randenv:1024"

MAXIMA="randfd:32"

ADMIN=admin@domain.com

AUTHORIZER="-list{user1:password1,user2:password2}"

DeleGate as a SOCKS server:-

The option SERVER=socks makes DeleGate work as a SOCKS server, and SOCKS=socksServer makes it work as a SOCKS client using socksServer as the upstream SOCKS server. The simplest form of socksServer is the host name (or address) of the upstream SOCKS server.

Examples

A SOCKS server:

% delegated -P1080 SERVER=socks

An HTTP proxy as a SOCKS client:

% delegated -P8080 SERVER=http SOCKS=socksServer

An FTP proxy as a SOCKS client:

% delegated -P8021 SERVER=ftp SOCKS=socksServer

A SOCKS server and client (forwarding to another SOCKS server):

% delegated -P1080 SERVER=socks SOCKS=socksServer

A pair of a server and a client of SOCKS over SSL:

serv% delegated -P1080 STLS=fcl SERVER=socks

clnt% delegated -P1080 STLS=fsv SERVER=socks SOCKS=serv

A transparent proxy/NAT as a SOCKS client:

% delegated -P9999 SERVER=tcprelay://odst.-:- SOCKS=socksServer
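What the SOCKS server and client roles above exchange on the wire is easiest to see with the messages themselves. The following Python script is an added example written for this page, not DeleGate's code: it builds the SOCKS5 greeting and CONNECT request (RFC 1928) that the SOCKS=socksServer side sends, parses them as the SERVER=socks side would, and answers with a reply, refusing destinations outside an allow-list in the spirit of the REACHABLE parameter. Only the "no authentication" method is modelled, the allow-list check is this example's own rather than a description of how DeleGate implements REACHABLE, and the hosts and ports used are constructed sample values.

```python
"""SOCKS5 CONNECT exchange (RFC 1928), both sides, with a destination allow-list.

Added example, not DeleGate's code. Models the handshake that a DeleGate
started with SOCKS=socksServer performs against one started with SERVER=socks.
"""
import ipaddress
import struct

VER = 0x05
NO_AUTH, NO_ACCEPTABLE = 0x00, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCESS, REP_NOT_ALLOWED = 0x00, 0x02   # X'02' = connection not allowed by ruleset


def client_greeting():
    """VER NMETHODS METHODS: offer only the 'no authentication' method."""
    return bytes([VER, 1, NO_AUTH])


def server_method_choice(greeting):
    """VER METHOD: pick 'no auth' if offered, otherwise X'FF' (no acceptable method)."""
    if len(greeting) < 2 or greeting[0] != VER:
        raise ValueError("not a SOCKS5 greeting")
    methods = greeting[2:2 + greeting[1]]
    return bytes([VER, NO_AUTH if NO_AUTH in methods else NO_ACCEPTABLE])


def client_connect_request(host, port):
    """VER CMD RSV ATYP DST.ADDR DST.PORT; host may be an IPv4/IPv6 literal or a name."""
    try:
        ip = ipaddress.ip_address(host)
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    except ValueError:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_connect_request(data):
    """Server side: return (cmd, host, port); raise on truncated or malformed input."""
    if len(data) < 4 or data[0] != VER:
        raise ValueError("bad SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        if len(data) < 10:
            raise ValueError("truncated IPv4 request")
        host, rest = str(ipaddress.IPv4Address(data[4:8])), data[8:]
    elif atyp == ATYP_IPV6:
        if len(data) < 22:
            raise ValueError("truncated IPv6 request")
        host, rest = str(ipaddress.IPv6Address(data[4:20])), data[20:]
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        if len(data) < 5 + n + 2:
            raise ValueError("truncated domain request")
        host, rest = data[5:5 + n].decode("idna"), data[5 + n:]
    else:
        raise ValueError("unknown address type")
    if len(rest) != 2:
        raise ValueError("missing or trailing port bytes")
    return cmd, host, struct.unpack("!H", rest)[0]


def server_reply(rep, bind_addr="0.0.0.0", bind_port=0):
    """VER REP RSV ATYP BND.ADDR BND.PORT (IPv4 bind address form)."""
    return (bytes([VER, rep, 0x00, ATYP_IPV4])
            + ipaddress.IPv4Address(bind_addr).packed + struct.pack("!H", bind_port))


def handle_connect(request, reachable):
    """Server side: accept CONNECT only to (host, port) pairs in the allow-list."""
    cmd, host, port = parse_connect_request(request)
    if cmd != CMD_CONNECT or (host, port) not in reachable:
        return server_reply(REP_NOT_ALLOWED)
    return server_reply(REP_SUCCESS)


if __name__ == "__main__":
    # Constructed allow-list in the spirit of REACHABLE=192.168.1.1:80
    reachable = {("192.168.1.1", 80)}
    print("greeting  ->", client_greeting().hex())
    print("method    <-", server_method_choice(client_greeting()).hex())
    for host, port in (("192.168.1.1", 80), ("192.168.1.1", 22), ("example.com", 443)):
        req = client_connect_request(host, port)
        print(f"connect {host}:{port} -> {req.hex()}  reply <- {handle_connect(req, reachable).hex()}")
```

The parser checks every length before indexing so that a truncated request raises instead of reading past the buffer, and the server refuses any command other than CONNECT; both are the kind of defensive detail worth confirming in any SOCKS implementation you put in front of internal hosts.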

Relevant Parameters (Reference Manual)

SERVER — act as a server of the specified application protocol

SOCKS — act as a SOCKS client using the specified SOCKS server

SOCKMUX — connect DeleGates to each other over a single persistent TCP connection

STLS — apply SSL to the server and/or client

RIDENT — convey the origin client-host information over SOCKMUX

Conclusion :-

DeleGate is much more than a web proxy. It also proxies “FTP, Telnet, NNTP, SMTP, POP, IMAP, LPR, LDAP, ICP, DNS, SSL, Socks, and more.”
