Tunneling through SOCKS Proxy Server
Tunneling through client as well as server side firewalls can be achieved through the SOCKS Proxy Server. The SOCKS protocol is an open internet standard for performing network proxying at the transport layer. SOCKS creates proxy, which serves as a data channel between TCP or UDP (User Datagram Protocol) based clients and servers. The proxy between the client and server, created by SOCKS is transparent to both the parties.
Java runtime 1.1.8 and above provide SOCKS support. The Java.net socket instance has the ability to connect to a remote host through the SOCKS proxy server. If the System property socksProxyHost and optionally socksProxyPort is set, the Socket implementation redirects the connection through the SOCKS proxy Server. Tunneling through proxies, using SOCKS, presents a more generic and viable solution for JMS Applets. Since socksProxyPort and socksProxyHost are set as a system property, the Client Applet burrows through the SOCKS server. A single version of an applet can now be downloaded by the client, despite the presence of a firewall. There are slight variations in the applet and application code used to tunnel through the SOCKS Proxy. Using HTTP Tunneling requires that the applet sets the proxy
Address and proxy Port. The code snippets provided in this document illustrate proxy tunneling in applications and applets.
The above features do not work with JDK versions below 1.4 and 1.5. Complete samples can be found in the Tunneling Samples folder located at: %FMQ_DIR%\fmq\samples\ directory.
Enabling JMS Applets to Tunnel through SOCKS Proxy Server
Browsers allow users to manually set the Proxy Server/SOCKS Server Host and port or users can use a script to automatically set the browser configuration. Applets access Java for SOCKS proxy server settings by conveying the settings effectively to the Java VM, used by the browser.
Microsoft Internet Explorer 4.0 and above provide complete SOCKS proxy support. They do not require changes to run Applets behind client firewalls.
Scenario
Consider a scenario where client applications are protected by a corporate firewall and need to use the services of FioranoMQ server through SOCKS tunneling. The following code illustrates how the clients' applications, even when protected by firewalls, can access the services of the FioranoMQ server by tunneling through client side firewalls.
Additional Notes on SOCKS
JDK implements SOCKS Version 4. SOCKS Version 4 accepts remote host addresses in numeric IP form (and not alphanumeric form which would allow the use domain names such as www.fiorano.com). Tunneling does not work if issues of domain name and IP address are not resolved. To resolve the issue the Applet needs to be downloaded from a known IP address and used instead of domain names.
Another solution is to provide the Server IP Address as Applet parameters.