Howto - Using the HTTP Poster with dynamic dns and other services

    This Knowledge Base article applies to:
      Amaranten Firewall 8.20.00 and up

HTTP Poster basics

The HTTP Poster is controlled through four settings in Advanced Settings -> HTTPPoster:

  • HTTPPoster_URL1
  • HTTPPoster_URL2
  • HTTPPoster_URL3
  • HTTPPoster_RepDelay -- the number of seconds to wait before re-posting the above URLs.
    Default: 21600 seconds (6 hours).

The HTTP Poster will post all configured URLs, in turn, when the firewall has parsed its configuration. It will then wait as long as HTTPPoster_RepDelay says, and repeat the process, etc.

Example URLs:

  • http://some.service.com/somecgi?param=value¶m2=value2
  • http://username:password@some.service.com:8043/
  • httppost://some.service.com/somecgi?postparam=postvalue

A note on DNS resolution: If you need to use hostnames rather than numerical IP addresses in your URLs, the firewall needs to be able to look them up. Make sure you have at least one DNS server configured in Advanced
Settings -> DNSClient.

A note on keepalives: Many services are sensitive to repeated logon attempts over short periods of time. If
you need some sort of keepalive, e.g. for broadband network logons, consider using the Link Monitor with a high "max loss" to accomplish the keepalives rather than lowering HTTPPoster_RepDelay.

Troubleshooting: To troubleshoot problems, use the "httpposter" console command to see what the http
poster is doing, and what the web servers are returning.

Dynamic DNS services

Dynamic DNS is useful in VPN scenarios where one or both gateways involved have dynamic IP addresses,
and, of course, for making public services reachable even though one does not have a fixed IP address.

Note that as of 8.20.00, Amaranten Firewall implements a VPN keepalive scheme that removes the need for
dynamic DNS services when only one side of the VPN tunnel is roaming. dyns.cx dynamic DNS service

Dyns.cx is a free dynamic DNS service that allows registration under a number of domains: dyns.cx, dyns.net,
ma.cx, metadns.cx...

Basic example:
http://www.dyns.net/postscript011.php?username=MYUID&password=MYPWD&host=MYDNS.dyns.cx

cjb.net dynamic DNS service

cjb.net is a free dynamic DNS service (and more) that allows registration under cjb.net.

Basic example:
http://www.cjb.net/cgi-bin/dynip.cgi?username=MYUID&password=MYPWD
The host name is the same as the user name; multiple registrations possible.

dyndns.org dynamic DNS service

Dyndns.org is a free dynamic DNS service that allows registration under dozens of domains, e.g. "MYDNS.
dyndns.org", "MYDNS.dnsalias.net", etc.

Basic example:
http://MYUID:MYPWD@members.dyndns.org/nic/update?hostname=MYDNS.dyndns.org

Note: dyndns.org will block clients that attempt to update too often. While it is unclear what they mean by "too
often", our best guess is "hourly or more often". Make sure that HTTPPoster_RepDelay is 21600 (6 hours) or
more; use your own discretion.

Note:
Dyndns.org will not accept DNS updates from v8.20.00 firewalls, as they do not provide a "User-agent" string.
This is fixed as of 8.20.00.



Other services Amaranten Firewall HTTP user authentication

In both examples, "1.2.3.4" should be replaced with the IP address of the firewall.

Using form-based logon:
http://1.2.3.4/loginuser?Username=MYUID&Password=MYPWD

Using HTTP basic auth:
http://MYUID:MYPWD@1.2.3.4/

Telia ADSL / Cable network logon

To log on to Telia ADSL / Cable networks, two URLs are needed:

  • http://10.0.0.6/sd/init
  • http://10.0.0.6/sd/login?username=MYUID&password=MYPWD&submitForm=Logga+in