Dealing with Firewalls
**********************
By default, Emacs can support standard TCP/IP network connections on
almost all the platforms it runs on (Unix, VMS, Windows, etc.).
However, there are several situations where it is not sufficient.
Firewalls
It is becoming more and more common to be behind a firewall or some
other system that restricts your outbound network activity,
especially if you are like me and away from the wonderful world of
academia. Emacs/W3 has several different methods to get around
firewalls (not to worry though -- none of them should get you in
trouble with the local MIS department.)
Emacs cannot resolve hostnames.
This happens quite often on SunOS workstations and some ULTRIX
machines. Some C libraries do not include the hostname resolver
routines in their static libraries. If Emacs was linked
statically, and was not linked with the resolver libraries, it will
not be able to get to any machines off the local network. This is
characterized by being able to reach someplace with a raw IP
number, but not its hostname (`http://129.79.254.191/' works, but
`http://www.cs.indiana.edu/' doesn't).
The best solution for this problem is to recompile Emacs, making
sure to either link dynamically (if available on your operating
system), or include `-lresolv' when linking.
If you do not have the disk space or the appropriate permissions to
recompile Emacs, another alternative is using the `nslookup'
program to do hostname resolution. To turn this on, set the
variable `url-gateway-broken-resolution' in your `~/.emacs' file.
This runs the program specified by `url-gateway-nslookup-program'
(by default "`nslookup'") to do hostname resolution. This program
should expect a single argument on the command line -- the
hostname to resolve, and should produce output similar to the
standard Unix `nslookup' program:
Name: www.cs.indiana.edu
Address: 129.79.254.191
Using TERM (or TERM-like) Networking Software
TERM (1) for slip-like access to the internet.
NOTE: XEmacs and Emacs 19.22 or later have patches to enable native
TERM networking. To enable it, `#define TERM' in the appropriate
s/*.h file for the operating system, then change the `SYSTEM_LIBS'
definition to include the `termnet' library that comes with the
latest versions of TERM.
If you run into any problems with the native TERM networking
support in Emacs or XEmacs, please let wmperry+w3@cs.indiana.edu
know, as he is responsible for the original support.
Emacs/W3 has support for using the gateway mechanism for certain
domains, and directly connecting to others. The variable
`url-gateway-local-host-regexp' controls this behaviour. This is a
regular expression (2) that matches local hosts that do not require the
use of a gateway. If `nil', then all connections are made through the
gateway.
Emacs/W3 supports several methods of getting around gateways. The
variable `url-gateway-method' controls which of these methods is used.
This variable can have several values (use these as symbol names, not
strings), e.g. `(setq url-gateway-method 'telnet)'. Possible values are:
"telnet"
Use this method if you must first telnet and log into a gateway
host, and then run telnet from that host to connect to outside
machines.
`url-gateway-telnet-host'
The gateway host to telnet to. Once logged in there, you
then telnet out to the hosts you want to connect to.
`url-gateway-telnet-parameters'
This should be a list of parameters to pass to the `telnet'
program.
`url-gateway-telnet-password-prompt'
This is a regular expression that matches the password prompt
when logging in.
`url-gateway-telnet-login-prompt'
This is a regular expression that matches the username prompt
when logging in.
`url-gateway-telnet-user-name'
The username to log in with.
`url-gateway-telnet-password'
This is the password to send when logging in.
`url-gateway-prompt-pattern'
This is a regular expression that matches the shell prompt.
"rlogin"
This method is identical to the `telnet' method, but uses `rlogin'
to log into the remote machine without having to send the username
and password over the wire every time.
`url-gateway-rlogin-host'
Host to `rlogin' to before telnetting out.
`url-gateway-rlogin-parameters'
Parameters to pass to `rsh'.
`url-gateway-rlogin-user-name'
User name to use when logging in to the gateway.
`url-gateway-prompt-pattern'
This is a regular expression that matches the shell prompt.
"tcp"
Masanobu UMEDA (umerin@mse.kyutech.ac.jp) has written a very small
application that you can run in a subprocess to do the network
connections.
"SOCKS"
Use if the firewall has a SOCKS gateway running on it. The SOCKS v5
protocol is defined in RFC 1928.
`socks-password'
If this is `nil' then you will be asked for the password,
otherwise it will be used as the password for authenticating
you to the SOCKS server.
`socks-username'
This is the username to use when authenticating yourself to
the SOCKS server. By default this is your login name.
`socks-timeout'
This controls how long, in seconds, Emacs/W3 will wait for
responses from the SOCKS server; it is 5 by default.
`socks-server'
This is the default server. It takes the form (`"Default server"'
SERVER PORT VERSION), where VERSION can be either 4 or 5.
`socks-server-aliases'
This is a list of server aliases, each of
the form (ALIAS HOSTNAME PORT VERSION).
`socks-network-aliases'
This is a list of network aliases. Each entry in the list takes
the form (ALIAS (NETWORK)) where ALIAS is a string that names
the NETWORK. The networks can contain a pair (not a dotted
pair) of IP addresses which specify a range of IP addresses,
an IP address and a netmask, a domain name or a unique
hostname or IP address.
`socks-redirection-rules'
This is a list of redirection rules. Each rule takes the form
(DESTINATION NETWORK CONNECTION TYPE) where DESTINATION
NETWORK is a network alias from `socks-network-aliases' and
CONNECTION TYPE can be `nil' in which case a direct
connection is used, or it can be an alias from
`socks-server-aliases' in which case that server is used as a
proxy.
`socks-nslookup-program'
This is the `nslookup' program. It is `nslookup' by default.
"native"
This means that Emacs/W3 should use the builtin networking code of
Emacs. This should be used only if there is no firewall, or the
Emacs source has already been hacked to get around the firewall.
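
The following `~/.emacs' fragment is an added example, not part of the
original manual. It combines `url-gateway-method', the SOCKS variables and
`url-gateway-local-host-regexp', and compares an unanchored local-host
regexp with an anchored one. The host names, the port and the `my-'
names are constructed for illustration.

```elisp
;; Added example for ~/.emacs.  Host names, the port and the my-* names
;; are constructed for illustration; the url-gateway-* and socks-*
;; variables are the ones documented above.

;; Everything that is not local goes through the SOCKS v5 gateway.
(setq url-gateway-method 'socks)
(setq socks-server '("Default server" "socks.corp.example" 1080 5))
(setq socks-password nil)   ; nil: ask when needed, nothing stored in ~/.emacs
(setq socks-timeout 5)

;; Weak: unanchored, so any host name that merely contains this text is
;; treated as local and bypasses the gateway.
(defvar my-loose-local-regexp "corp\\.example")

;; Anchored: the host is corp.example itself or ends in .corp.example.
(setq url-gateway-local-host-regexp "\\(\\`\\|\\.\\)corp\\.example\\'")

(defun my-gateway-route (host &optional regexp)
  "Return `direct' if HOST matches REGEXP, else `url-gateway-method'.
REGEXP defaults to `url-gateway-local-host-regexp'.  When that variable
is nil, every connection goes through the gateway."
  (let ((re (or regexp url-gateway-local-host-regexp)))
    (if (and re (string-match re host))
        'direct
      url-gateway-method)))

;; Compare both patterns on constructed host names; the results appear
;; in the *Messages* buffer.
(dolist (host '("www.corp.example" "corp.example"
                "corp.example.outside.test" "notcorp.example"))
  (message "%-28s loose=%-6s anchored=%s" host
           (my-gateway-route host my-loose-local-regexp)
           (my-gateway-route host)))
```
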
Emacs/W3 should now be able to get outside the local network. If
none of this makes sense, it's probably my fault. Please check with the
network administrators to see if they have a program that does most of
this already, since somebody somewhere at the company has probably been
through something similar to this before, and would be much more
helpful/knowledgeable about the local setup than I would be. But feel
free to mail me as a last resort.
---------- Footnotes ----------
(1) TERM is a user-level protocol for emulating IP over a serial
line. More information is available at
`ftp://sunsite.unc.edu/pub/Linux/apps/comm/term'
(2) Please see the full Emacs distribution for a description of
regular expressions.