Gammon Forum

Playing Muds through a firewall?

It is now over 60 days since the last post. This thread is closed.

Posted by Tyrael   (6 posts)
Date Tue 30 Sep 2003 02:15 AM (UTC)
Message
Well, apparently my college is blocking all ports but 80. I did a port scan of all ports up to 27015, and Port Scan 1.1 says only 135 and 139 are open. My IT says that port 80 is open for internet, 443 is open for HTTPS, and he says telnet (23) is blocked. I'm friends with a sysop of a board who will run a proxy on her computer, which can forward me to port 23, but I can't seem to do anything. I've tried going through port 80, 135, 139, 443, everything! I've done a command prompt for netstat -a and given her the listings of what's listening, but I can't go out through those ports either. My college is using a system called Shield. Also, we can use paypal/ebay so 443 is open; we can browse the internet so 80 should be open. We connect through a proxy through port 8080. We can also get hotmail to work. My college says it's because they want to make sure they can monitor our web activity, and port 80 is the only port they can monitor. My question is: how the heck can I get to play MUDs? Every time she's opened up her BBS to accept through a particular port, and set up a proxy that listens for requests to that port, I haven't been able to connect. Do you guys have any ideas?

Posted by David Haley   USA  (3,881 posts)
Date Reply #1 on Tue 30 Sep 2003 04:22 AM (UTC)
Message
I'm a little confused as to why you're trying to connect to all those ports... shouldn't you just be connecting to the MUD's port? Unless you're talking about using those ports to get to that proxy thing, which it would have to forward you not to port 23 but to whatever port your MUD uses.

I'm a little surprised that your school is blocking outgoing connections. Blocking the incoming connections is quite normal for a firewall and all that, but blocking outgoing seems extremely odd to me. Your school seems like somewhat of a control freak... :/

David Haley aka Ksilyan
Head Programmer,
Legends of the Darkstone

http://david.the-haleys.org

Posted by Tyrael   (6 posts)
Date Reply #2 on Tue 30 Sep 2003 04:55 AM (UTC)
Message
Exactly! And yes, I'm trying to connect to the proxy program my buddy has set up outside the campus in order to get to a port the BBS is run on. Since my buddy is the sysop she can run the BBS on any port. However, it seems just about all outgoing activity is blocked. I asked our IT guy why he's doing this and he said it's because they want to make sure they can monitor all our activity, and port 80 is the only traceable port. So once again, how would I be able to connect through the FW to my buddy's proxy program? She tried running it on port 135/139, the only ones the port scanner I have detected as open, and couldn't because another program was using it. NetBIOS is on 139, don't remember what was on 135. So I'm in quite a conundrum. Any suggestions would be welcome as to opening any ports, going through any ports that are open, etc.

Posted by Tyrael   (6 posts)
Date Reply #3 on Tue 30 Sep 2003 05:09 AM (UTC)
Message
I have this program called HTTPort 3.SNF2. It seems to have potential but I can't figure it out. I have a new mapping with local port 135, remote port as 23, but I don't know the remote host of my bud's BBS. Anyone have any experience with this program that they can use to enlighten me? Any help is appreciated of course. :)

Posted by Tyrael   (6 posts)
Date Reply #4 on Tue 30 Sep 2003 06:04 AM (UTC)
Message
Well, my IT guy says port 443 is open, but the port scanner still says only 135 (loc-host) and 139 (netbios-ssn) are open. I can get to HTTPS servers such as paypal/ebay, and log in, so 443 must be open in some capacity. I've been trying to use HTTPort and having my buddy use HTTHost on her computer, but we've had no luck. Heeelp. :)

Posted by David Haley   USA  (3,881 posts)
Date Reply #5 on Tue 30 Sep 2003 07:10 AM (UTC)
Message
I believe that out there somewhere, in the vast ether of the internet, there are people who host little Java applets that are telnet clients. You could try searching for one and using it, but I don't know if you'll find it.

Actually, this may not work either because the Java applet runs locally on your machine, and may try to locally establish a telnet connection and fail.

Does your school allow outgoing FTP connections? Isn't that ... port 21? (I think... it's one of 21, 22 or 23 I believe). You could try "hijacking" (as that's what we're doing here :P) that port and connecting to your friend's server.

Man, I'm glad my college isn't doing what yours is. That really sucks... I feel sorry for you. :/

David Haley aka Ksilyan
Head Programmer,
Legends of the Darkstone

http://david.the-haleys.org

Posted by Nick Gammon   Australia  (22,973 posts)   Forum Administrator
Date Reply #6 on Tue 30 Sep 2003 07:15 AM (UTC)
Message
First, if only port 80 is open I don't see the point in trying other ports.

However, if you connect via 8080 it sounds like port 80 is in fact not open; rather, you connect to 8080 to the proxy, and they connect outwards to 80.

It is quite likely that at 8080 there is an HTTP proxy which would therefore only accept HTTP requests like this:

GET /myurl HTTP/1.0

Thus, things like "kill green dragon" are likely to be discarded (and/or logged).

It is possible that your college is only allowing HTTP via 8080 because it believes it is providing a service for browsing the Net (and they may block sites they consider undesirable while they are at it), and not for general game-playing, ftp-ing files, and so on.

The trouble is, whilst a MUD might be low bandwidth, once they allow outgoing connections in general they may have people playing Quake with friends on the other side of the world, and their bandwidth goes through the roof. Then people complain the connection is too slow.

Sorry, sounds like the firewall is doing what it is designed to do. All I can suggest is making a case out to open up MUD ports provided you guarantee the bandwidth utilisation will be low.

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by Nick Gammon   Australia  (22,973 posts)   Forum Administrator
Date Reply #7 on Tue 30 Sep 2003 07:21 AM (UTC)
Message
However what might work, Ksilyan, and this would be an interesting project, would be to make a "pseudo" web server that fools college proxy servers into thinking they are dealing in web pages, but actually connects to a MUD.

It would work something like this (assuming it hasn't been done already) ...

You connect to the "pseudo server" and get it to make a "real" connection to the MUD, eg.


POST /do-connection HTTP/1.0
(blank line)
mud=my.mud.com&port=4000


You would get back some sort of ID that identifies the session. Then each line of text you type might come like this:


POST /send-line HTTP/1.0
(blank line)
id=123456&text=go%20west


However this doesn't solve the problem of the scrolling output coming back - no doubt there would be a way. :)

- Nick Gammon

www.gammon.com.au, www.mushclient.com
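
From the monitoring side, the request pattern sketched in the post above (one /do-connection, then a small POST to /send-line for every typed line) stands out in proxy logs. The following is an added example, not part of the original thread: a detector run over constructed log lines. The log layout, thresholds, host names and addresses are all assumptions.

```python
"""Flag HTTP-tunnel-like traffic in proxy logs: many tiny POSTs from one client to one host."""
from collections import defaultdict
from urllib.parse import urlsplit

def parse(line):
    # Assumed, simplified log layout: "<epoch> <client> <method> <url> <request_body_bytes>"
    ts, client, method, url, size = line.split()
    return int(ts), client, method, urlsplit(url), int(size)

def find_tunnel_candidates(lines, min_posts=20, max_body=64, min_post_ratio=0.8, max_paths=3):
    # Browsing is GET-heavy and touches many paths; a line-per-request relay is
    # almost all small POSTs to one or two paths on a single host.
    stats = defaultdict(lambda: {"total": 0, "small_posts": 0, "paths": set(), "times": []})
    for line in lines:
        ts, client, method, url, size = parse(line)
        s = stats[(client, url.hostname)]
        s["total"] += 1
        s["paths"].add(url.path)
        s["times"].append(ts)
        if method == "POST" and size <= max_body:
            s["small_posts"] += 1
    hits = []
    for (client, host), s in stats.items():
        if (s["small_posts"] >= min_posts
                and s["small_posts"] / s["total"] >= min_post_ratio
                and len(s["paths"]) <= max_paths):
            hits.append({"client": client, "host": host, "small_posts": s["small_posts"],
                         "paths": sorted(s["paths"]),
                         "duration_s": max(s["times"]) - min(s["times"])})
    return sorted(hits, key=lambda h: -h["small_posts"])

def constructed_sample():
    # Constructed log lines for illustration only (not real traffic).
    t, lines = 1064900000, []
    # Ordinary browsing: GETs across many pages plus one normal-sized form POST.
    for i in range(30):
        lines.append(f"{t + i * 7} 10.1.4.22 GET http://www.example.org/page{i}.html 0")
    lines.append(f"{t + 300} 10.1.4.22 POST http://www.example.org/login 180")
    # Relay pattern from the post: one session setup, then one small POST per typed line.
    lines.append(f"{t} 10.1.7.9 POST http://relay.example.net/do-connection 24")
    for i in range(40):
        lines.append(f"{t + 5 + i * 4} 10.1.7.9 POST http://relay.example.net/send-line 24")
    return lines

if __name__ == "__main__":
    for hit in find_tunnel_candidates(constructed_sample()):
        print(hit)
```

The thresholds are starting points; a busy web form or an AJAX-heavy site can look similar, so hits are candidates for review rather than verdicts.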

Posted by Tyrael   (6 posts)
Date Reply #8 on Tue 30 Sep 2003 05:35 PM (UTC)
Message
Actually, it's doomed. They block the ports because they can only monitor web pages, not muds etc. They want to make sure they can monitor everything we're doing so that they can bust people for porn, mp3s etc. This is straight from the IT's mouth. He even blatantly said there's no way they'll open up port 23. Therefore I'm screwed because it has nothing to do with bandwidth, and everything to do with control.

Posted by David Haley   USA  (3,881 posts)
Date Reply #9 on Tue 30 Sep 2003 05:52 PM (UTC)
Message
Yes, a fake HTTP server in that way would probably work, but it may be a fair amount of work to actually implement something like that that could handle multiple users. But I'm almost certain that such a thing is possible.

I'd also be quite surprised if it didn't already exist; other people have the problem of overly aggressive sysops wanting to control everything, and so they've made ways to get around it, e.g. by using the kind of fake HTTP server we're talking about.

Tyrael, have you tried searching for such things? Your sysop friend could install them, and then you connect to them through her machine.

Does this also mean that things like IM, IRC, and all that, don't work from your college? That's just really icky. Perhaps it's worth looking into getting a separate ISP, or is that not possible?

David Haley aka Ksilyan
Head Programmer,
Legends of the Darkstone

http://david.the-haleys.org

Posted by Nick Gammon   Australia  (22,973 posts)   Forum Administrator
Date Reply #10 on Tue 30 Sep 2003 10:04 PM (UTC)
Message
Quote:

Actually, it's doomed.


I don't see why. A carefully crafted tool which consisted of something you ran at your end which transformed mud input/output into innocuous-looking web pages, and then transformed the results back, which connected to a pseudo-web server run at your friend's site, should fool anyone who didn't know what to look for.

For instance, it could look like a Google search:

Search for: kill monster, go east

Or you could go further and obscure the actual words with some low-level encryption (eg. ROT13).

Another approach which might work would be to use some out-of-band approach, depending on what the sysop lets through. Let's say s/he lets pings through for instance. You could ping this intermediate site:

PING with message: OPEN DOOR; PRACTICE KICK

Then the ping response could be: THE DOOR OPENS

Could be a fun project. :)

- Nick Gammon

www.gammon.com.au, www.mushclient.com

Posted by Tyrael   (6 posts)
Date Reply #11 on Wed 01 Oct 2003 01:45 AM (UTC)
Message
Yes, things like IMs and file-sharing are blocked, except for AIM, which can work through the proxy. As far as the fake HTTP thing, I have no idea how to do that, so I wouldn't be able to. And by saying "It's doomed" I meant that there's no chance the IT guy will open up any ports.

Posted by Flannel   USA  (1,230 posts)
Date Reply #12 on Wed 01 Oct 2003 04:01 AM (UTC)
Message
If you can AIM through a proxy, why not just set this up to do the same thing? Have the text you send be converted to AIM protocol (on the client side) and sent to the proxy, which converts it to normal and sends it to the MUD, and then have the text that comes back be converted from normal MUD text (at the proxy) and sent to you via an AIM-like thing, and then on the client side you convert it back for a traditional MUD client.

~Flannel

Messiah of Rose
Eternity's Trials.

Clones are people two.

Posted by Lotheralyn   (1 post)
Date Reply #13 on Thu 02 Oct 2003 10:06 AM (UTC)
Message
New Hopes

Maybe it is a solution for you, and it's called Cliser. You can find it at www.mosha.net. The idea behind Cliser is to resolve problems like yours and to allow usage of MUSHclient from your computer. Also, you can play from their page, but it is not like playing from "home".
Unfortunately, for me it doesn't work because my problem is a little bit different. I'm behind a firewall (a Linux box which has MASQUERADE up) and I have no problems with its admin. But my ISP has chosen to close port 23. So I can play MUDs which use any other ports. But my preferred MUD functions only on port 23 and their admins have no intention to open a second port. As a solution I tried Cliser, but it seems that it can't cooperate with MASQ.
Whether or not you have success with Cliser, please post some info here.

Posted by Bangke   Indonesia  (1 post)
Date Reply #14 on Thu 23 Sep 2004 10:00 AM (UTC)
Message
Well, I've tried Cliser.. but it won't do any good; it requires an ID, and I don't even know what the ID does My PC sent to the default Gateway. FYI my gateway is Cisco hrmppfff it's hard to know when no network admin is around bleehh.. Firewall SUCKS !!

Information and images on this site are licensed under the Creative Commons Attribution 3.0 Australia License unless stated otherwise.