NAT32

Reference Manual

NAME

httpd - the NAT32 HTTP daemon
SYNOPSIS
start httpd [port]
hstat [local | private | public | acl | dx | lx]
proxy [on|off] | [hostname:port] | [username password]
agent ["str"]

 
...
DESCRIPTION
The HTTP daemon listens for incoming HTTP GET requests at the port number specified in argument port. If no port number is specified, the default port 8080 is used. Because HTTPD communicates via Winsock, the daemon listens at the Windows IP addresses, not the NAT32 IP addresses. Any desired web browser can be used to access files in NAT32's htm directory. Access to any other directory is not possible.

Command execution (Active Content) is supported via GET requests of the following formats:

GET /shell?cmd=command+arg1+arg2+... http/1.1
GET /tcl?cmd=command+arg1+arg2+..... http/1.1
GET /java?cmd=command+arg1+arg2+.... http/1.1
GET http://......................... http/1.1
GET /file?name=value................ http/1.1
GET /filename....................... http/1.1

POST requests are also supported.

Note that the Active Content feature only works for pages loaded from the NAT32 HTTP daemon. Numerous code samples can be found in the htm directory of your NAT32 installation.

A sample Java class explorer.class is available. It allows NAT32 shell commands to be issued from a window within Internet Explorer. The class may work with other browsers, depending on the degree of compatibility of the installed Java VM.

NOTES
The HTTP daemon has the following access modes:
0 local       Access from localhost only (default).
1 private     Access from private addresses only.
3 public      Access from all addresses.
7 acl         Access from addresses in the Access Control List only.

Localhost (127.0.0.1) always has access.

If password checking is on, the user is prompted for a username and password the first time a browser instance requests access. The username is the name of the Windows account under which NAT32 is running, the password is your NAT32 password. Both values are case-sensitive.

Be sure to turn password checking on if the public access mode is selected. This is because in public mode, Internet port scanners will discover your HTTPD within minutes of going online, and external sites may then try to use its proxy feature to generate fake advertising clicks and similar. Password checking effectively prevents this.

The HTTP daemon is started with the following command in file startup:

start httpd port

If you already have an HTTP server running under Windows on the NAT32 machine, a different port number must be specified in argument port.

To stop the daemon, enter the command:

kill HTTPD

The hstat and agent commands can be used to interact with the daemon as follows:

hstat dx            // Debug level x (0 = off)
hstat lx            // Log   level x (0 = off)
hstat local | private | public | acl

agent "str"         // Agent string

HTTPD status values are:

0 down        // No HTTPD is running.
1 idle        // No connections are currently being processed.
3 busy        // One or more connections are currently being processed.
Command hstat acl grants access to only those hosts with an IP address listed in file httpd.acl. The command reads that file and updates the server's internal access address list. Partial IP addresses (e.g. 192.168) are allowed.

The HTTPD can act as a Web Proxy that fetches all content on behalf of a client via one of the httpget commands. This effectively blocks information leakage via cookies, referrer strings and tracking URLs. In addition, redirection to HTTPS sites is intercepted and the user queried for permission to proceed. Clients can be auto-configured to use the HTTPD proxy via the wpad protocol.

The proxy command can be used to set the proxy parameters that the httpget command will use.

The User-Agent string can be set via the agent "str" command, where str denotes the actual User-Agent string to be used. Be sure to include the string in double-quotes if it contains spaces.

The file nat32.js contains several NAT32 variables and functions for use in Javascript web pages. The file is created with command: jsf executed at startup. The jsf command can be issued at any time to update file nat32.js. The file mynat32.htm is also generated by command jsf, and it contains a URL with the correct port number for the HTTPD.

An interesting side-effect of the NAT32 ad-blocking feature (see setns) is that unwanted traffic is redirected to 127.0.0.1:80, and if the NAT32 HTTPD is listening at that port, the file nofile.htm is served and the offending URL revealed.

SEE ALSO
httpget, Password Checking, setns, sh, tcl, Web Interface, wpad, wproxy