To pass the RTIA–RTIG connection through firewalls, you may use the HTTP tunnel.
Federates behind a firewall may be unnable to connect to the RTIG. To connect via a HTTP tunnel
- Set the
CERTI_HOSTandCERTI_TCP_PORTenvironment variables to RTIG address and port. - Set the
CERTI_HTTP_PROXYenvironment variable to HTTP proxy address in the form http://host:port. - Run the federate.
If CERTI_HTTP_PROXY is not defined, the system-wide http_proxy is used. To disable HTTP tunneling, you must unset both environment variables, or set CERTI_HTTP_PROXY to an empty string.
If the HTTP proxy is directly accessible for the federate (RTIA), you can set the CERTI_HTTP_PROXY environment variable to address of the HTTP proxy, e.g. http://proxy.example.com. The default port is 3128.
Note: In the HTTP proxy configuration you may need to enable the HTTP CONNECT method for the port number defined in CERTI_TCP_PORT. For example, in the /etc/squid/squid.conf you may need to configure
acl CERTI_ports port 60400 # the value of CERTI_TCP_PORT acl CONNECT method CONNECT http_access allow CONNECT CERTI_ports
If you cannot access the HTTP proxy directly, you may use SSH port forwarding. The SSH client will listen to a local port and will ask the remote SSH server to open an outgoing connection to the HTTP proxy. It will then forward all traffic between the local port and the HTTP proxy inside the SSH connection.
To use SSH port forwarding
- Set the
CERTI_HTTP_PROXYenvironment variable to an arbitrary local port number, e.g. http://localhost:8808. - Establish an SSH connection as follows.
On Windows you may use the PuTTY client http://www.chiark.greenend.org.uk/~sgtatham/putty
Create a SSH session and select the SSH protocol. Open the Connection – SSH – Tunnels configuration. Select "Local", enter chosen arbitrary "Source port" number (e.g. 8808) and the HTTP proxy address as "Destination". Make sure you then click "Add".
Most Linux systems have a SSH client installed. Use the ssh command.
ssh -L8808:proxy.example.com:3128 user@hostname
