我找到 pietty 的 user manual 了
待會再翻譯 :P
4.15 The Proxy panel
The Proxy panel allows you to configure PuTTY to use various types of proxy in order to make its network connections. The settings in this panel affect the primary network connection forming your PuTTY session, but also any extra connections made as a result of SSH port forwarding (see section 3.5).
4.15.1 Setting the proxy type
The ‘Proxy type’ radio buttons allow you to configure what type of proxy you want PuTTY to use for its network connections. The default setting is ‘None’; in this mode no proxy is used for any connection.
* Selecting ‘HTTP’ allows you to proxy your connections through a web server supporting the HTTP CONNECT command, as documented in RFC 2817.
* Selecting ‘SOCKS 4’ or ‘SOCKS 5’ allows you to proxy your connections through a SOCKS server.
* Many firewalls implement a less formal type of proxy in which a user can make a Telnet connection directly to the firewall machine and enter a command such as connect myhost.com 22 to connect through to an external host. Selecting ‘Telnet’ allows you to tell PuTTY to use this type of proxy.
4.15.2 Excluding parts of the network from proxying
Typically you will only need to use a proxy to connect to non-local parts of your network; for example, your proxy might be required for connections outside your company's internal network. In the ‘Exclude Hosts/IPs’ box you can enter ranges of IP addresses, or ranges of DNS names, for which PuTTY will avoid using the proxy and make a direct connection instead.
The ‘Exclude Hosts/IPs’ box may contain more than one exclusion range, separated by commas. Each range can be an IP address or a DNS name, with a * character allowing wildcards. For example:
*.example.com
This excludes any host with a name ending in .example.com from proxying.
192.168.88.*
This excludes any host with an IP address starting with 192.168.88 from proxying.
192.168.88.*,*.example.com
This excludes both of the above ranges at once.
Connections to the local host (the host name localhost, and any loopback IP address) are never proxied, even if the proxy exclude list does not explicitly contain them. It is very unlikely that this behaviour would ever cause problems, but if it does you can change it by enabling ‘Consider proxying local host connections’.
Note that if you are doing DNS at the proxy (see section 4.15.3), you should make sure that your proxy exclusion settings do not depend on knowing the IP address of a host. If the name is passed on to the proxy without PuTTY looking it up, it will never know the IP address and cannot check it against your list.
4.15.3 Name resolution when using a proxy
If you are using a proxy to access a private network, it can make a difference whether DNS name resolution is performed by PuTTY itself (on the client machine) or performed by the proxy.
The ‘Do DNS name lookup at proxy end’ configuration option allows you to control this. If you set it to ‘No’, PuTTY will always do its own DNS, and will always pass an IP address to the proxy. If you set it to ‘Yes’, PuTTY will always pass host names straight to the proxy without trying to look them up first.
If you set this option to ‘Auto’ (the default), PuTTY will do something it considers appropriate for each type of proxy. Telnet and HTTP proxies will have host names passed straight to them; SOCKS proxies will not.
Note that if you are doing DNS at the proxy, you should make sure that your proxy exclusion settings (see section 4.15.2) do not depend on knowing the IP address of a host. If the name is passed on to the proxy without PuTTY looking it up, it will never know the IP address and cannot check it against your list.
The original SOCKS 4 protocol does not support proxy-side DNS. There is a protocol extension (SOCKS 4A) which does support it, but not all SOCKS 4 servers provide this extension. If you enable proxy DNS and your SOCKS 4 server cannot deal with it, this might be why.
4.15.4 Username and password
If your proxy requires authentication, you can enter a username and a password in the ‘Username’ and ‘Password’ boxes.
Note that if you save your session, the proxy password will be saved in plain text, so anyone who can access your PuTTY configuration data will be able to discover it.
Authentication is not fully supported for all forms of proxy:
* Username and password authentication is supported for HTTP proxies and SOCKS 5 proxies.
o With SOCKS 5, authentication is via CHAP if the proxy supports it (this is not supported in PuTTYtel); otherwise the password is sent to the proxy in plain text.
o With HTTP proxying, the only currently supported authentication method is ‘basic’, where the password is sent to the proxy in plain text.
* SOCKS 4 can use the ‘Username’ field, but does not support passwords.
* You can specify a way to include a username and password in the Telnet proxy command (see section 4.15.5).
4.15.5 Specifying the Telnet proxy command
If you are using the Telnet proxy type, the usual command required by the firewall's Telnet server is connect, followed by a host name and a port number. If your proxy needs a different command, you can enter an alternative here.
In this string, you can use \n to represent a new-line, \r to represent a carriage return, \t to represent a tab character, and \x followed by two hex digits to represent any other character. \\ is used to encode the \ character itself.
Also, the special strings %host and %port will be replaced by the host name and port number you want to connect to. The strings %user and %pass will be replaced by the proxy username and password you specify. To get a literal % sign, enter %%.
If the Telnet proxy server prompts for a username and password before commands can be sent, you can use a command such as:
%user\n%pass\nconnect %host %port\n
This will send your username and password as the first two lines to the proxy, followed by a command to connect to the desired host and port. Note that if you do not include the %user or %pass tokens in the Telnet command, then the ‘Username’ and ‘Password’ configuration fields will be ignored.
待會再翻譯 :P
4.15 The Proxy panel
The Proxy panel allows you to configure PuTTY to use various types of proxy in order to make its network connections. The settings in this panel affect the primary network connection forming your PuTTY session, but also any extra connections made as a result of SSH port forwarding (see section 3.5).
4.15.1 Setting the proxy type
The ‘Proxy type’ radio buttons allow you to configure what type of proxy you want PuTTY to use for its network connections. The default setting is ‘None’; in this mode no proxy is used for any connection.
* Selecting ‘HTTP’ allows you to proxy your connections through a web server supporting the HTTP CONNECT command, as documented in RFC 2817.
* Selecting ‘SOCKS 4’ or ‘SOCKS 5’ allows you to proxy your connections through a SOCKS server.
* Many firewalls implement a less formal type of proxy in which a user can make a Telnet connection directly to the firewall machine and enter a command such as connect myhost.com 22 to connect through to an external host. Selecting ‘Telnet’ allows you to tell PuTTY to use this type of proxy.
4.15.2 Excluding parts of the network from proxying
Typically you will only need to use a proxy to connect to non-local parts of your network; for example, your proxy might be required for connections outside your company's internal network. In the ‘Exclude Hosts/IPs’ box you can enter ranges of IP addresses, or ranges of DNS names, for which PuTTY will avoid using the proxy and make a direct connection instead.
The ‘Exclude Hosts/IPs’ box may contain more than one exclusion range, separated by commas. Each range can be an IP address or a DNS name, with a * character allowing wildcards. For example:
*.example.com
This excludes any host with a name ending in .example.com from proxying.
192.168.88.*
This excludes any host with an IP address starting with 192.168.88 from proxying.
192.168.88.*,*.example.com
This excludes both of the above ranges at once.
Connections to the local host (the host name localhost, and any loopback IP address) are never proxied, even if the proxy exclude list does not explicitly contain them. It is very unlikely that this behaviour would ever cause problems, but if it does you can change it by enabling ‘Consider proxying local host connections’.
Note that if you are doing DNS at the proxy (see section 4.15.3), you should make sure that your proxy exclusion settings do not depend on knowing the IP address of a host. If the name is passed on to the proxy without PuTTY looking it up, it will never know the IP address and cannot check it against your list.
4.15.3 Name resolution when using a proxy
If you are using a proxy to access a private network, it can make a difference whether DNS name resolution is performed by PuTTY itself (on the client machine) or performed by the proxy.
The ‘Do DNS name lookup at proxy end’ configuration option allows you to control this. If you set it to ‘No’, PuTTY will always do its own DNS, and will always pass an IP address to the proxy. If you set it to ‘Yes’, PuTTY will always pass host names straight to the proxy without trying to look them up first.
If you set this option to ‘Auto’ (the default), PuTTY will do something it considers appropriate for each type of proxy. Telnet and HTTP proxies will have host names passed straight to them; SOCKS proxies will not.
Note that if you are doing DNS at the proxy, you should make sure that your proxy exclusion settings (see section 4.15.2) do not depend on knowing the IP address of a host. If the name is passed on to the proxy without PuTTY looking it up, it will never know the IP address and cannot check it against your list.
The original SOCKS 4 protocol does not support proxy-side DNS. There is a protocol extension (SOCKS 4A) which does support it, but not all SOCKS 4 servers provide this extension. If you enable proxy DNS and your SOCKS 4 server cannot deal with it, this might be why.
4.15.4 Username and password
If your proxy requires authentication, you can enter a username and a password in the ‘Username’ and ‘Password’ boxes.
Note that if you save your session, the proxy password will be saved in plain text, so anyone who can access your PuTTY configuration data will be able to discover it.
Authentication is not fully supported for all forms of proxy:
* Username and password authentication is supported for HTTP proxies and SOCKS 5 proxies.
o With SOCKS 5, authentication is via CHAP if the proxy supports it (this is not supported in PuTTYtel); otherwise the password is sent to the proxy in plain text.
o With HTTP proxying, the only currently supported authentication method is ‘basic’, where the password is sent to the proxy in plain text.
* SOCKS 4 can use the ‘Username’ field, but does not support passwords.
* You can specify a way to include a username and password in the Telnet proxy command (see section 4.15.5).
4.15.5 Specifying the Telnet proxy command
If you are using the Telnet proxy type, the usual command required by the firewall's Telnet server is connect, followed by a host name and a port number. If your proxy needs a different command, you can enter an alternative here.
In this string, you can use \n to represent a new-line, \r to represent a carriage return, \t to represent a tab character, and \x followed by two hex digits to represent any other character. \\ is used to encode the \ character itself.
Also, the special strings %host and %port will be replaced by the host name and port number you want to connect to. The strings %user and %pass will be replaced by the proxy username and password you specify. To get a literal % sign, enter %%.
If the Telnet proxy server prompts for a username and password before commands can be sent, you can use a command such as:
%user\n%pass\nconnect %host %port\n
This will send your username and password as the first two lines to the proxy, followed by a command to connect to the desired host and port. Note that if you do not include the %user or %pass tokens in the Telnet command, then the ‘Username’ and ‘Password’ configuration fields will be ignored.
全站熱搜
留言列表
我的相簿蒐藏 