Back to CERTI Installation Documentation index
Connecting to RTIG via a HTTP tunnel

To pass the RTIA–RTIG connection through firewalls, you may use the HTTP tunnel.

Federates behind a firewall may be unnable to connect to the RTIG. To connect via a HTTP tunnel

  1. Set the CERTI_HOST and CERTI_TCP_PORT environment variables to RTIG address and port.
  2. Set the CERTI_HTTP_PROXY environment variable to HTTP proxy address in the form http://host:port.
  3. Run the federate.

If CERTI_HTTP_PROXY is not defined, the system-wide http_proxy is used. To disable HTTP tunneling, you must unset both environment variables, or set CERTI_HTTP_PROXY to an empty string.

If the HTTP proxy is directly accessible for the federate (RTIA), you can set the CERTI_HTTP_PROXY environment variable to address of the HTTP proxy, e.g. http://proxy.example.com. The default port is 3128.

Note: In the HTTP proxy configuration you may need to enable the HTTP CONNECT method for the port number defined in CERTI_TCP_PORT. For example, in the /etc/squid/squid.conf you may need to configure

 acl CERTI_ports port 60400   # the value of CERTI_TCP_PORT
 acl CONNECT method CONNECT
 http_access allow CONNECT CERTI_ports

If you cannot access the HTTP proxy directly, you may use SSH port forwarding. The SSH client will listen to a local port and will ask the remote SSH server to open an outgoing connection to the HTTP proxy. It will then forward all traffic between the local port and the HTTP proxy inside the SSH connection.

To use SSH port forwarding

  1. Set the CERTI_HTTP_PROXY environment variable to an arbitrary local port number, e.g. http://localhost:8808.
  2. Establish an SSH connection as follows.

On Windows you may use the PuTTY client http://www.chiark.greenend.org.uk/~sgtatham/putty

Create a SSH session and select the SSH protocol. Open the Connection – SSH – Tunnels configuration. Select "Local", enter chosen arbitrary "Source port" number (e.g. 8808) and the HTTP proxy address as "Destination". Make sure you then click "Add".

putty-portforwarding.png

Most Linux systems have a SSH client installed. Use the ssh command.

 ssh -L8808:proxy.example.com:3128 user@hostname

Generated on Fri Feb 28 2014 16:33:52 for CERTI Install Documentation by doxygen 1.8.6