Well, apparently my college is blocking all ports but 80. I did a port scan of all ports up to 27015, and Port Scan 1.1 says only 135 and 139 are open. My IT says that port 80 is open for internet, 443 is open for HTTPS, and he says telnet (23) is blocked. I'm friends with a sysop of a board who will run a proxy on her computer, which can forward me to port 23, but I can't seem to do anything. I've tried going through port 80, 135, 139, 443, everything! I've done a command prompt for netstat -a and given her the listings of what's listening, but I can't go out through those ports either. My college is using a system called Shield. Also, we can use paypal/ebay so 443 is open; we can browse the internet so 80 should be open. We connect through a proxy through port 8080. We can also get hotmail to work. My college says it's because they want to make sure they can monitor our web activity, and port 80 is the only port they can monitor. My question is: how the heck can I get to play MUDs? Every time she's opened up her BBS to accept through a particular port, and set up a proxy that listens for requests to that port, I haven't been able to connect. Do you guys have any ideas?
Playing Muds through a firewall?
Posted by Tyrael on Tue 30 Sep 2003 02:15 AM — 26 posts, 116,705 views.
I'm a little confused as to why you're trying to connect to all those ports... shouldn't you just be connecting to the MUD's port? Unless you're talking about using those ports to get to that proxy thing, which it would have to forward you not to port 23 but to whatever port your MUD uses.
I'm a little surprised that your school is blocking outgoing connections. Blocking the incoming connections is quite normal for a firewall and all that, but blocking outgoing seems extremely odd to me. Your school seems like somewhat of a control freak... :/
I'm a little surprised that your school is blocking outgoing connections. Blocking the incoming connections is quite normal for a firewall and all that, but blocking outgoing seems extremely odd to me. Your school seems like somewhat of a control freak... :/
Exactly! And yes, I'm trying to connect to the proxy program my buddy has set up outside the campus in order to get to a port the BBS is run on. Since my buddy is the sysop she can run the BBS on any port. However, it seems just about all outgoing activity is blocked. I asked our IT guy why he's doing this and he said it's because the want to make sure they can monitor all our activity, and port 80 is the only traceable port. So once again, how would I be able to connect through the FW to my buddy's proxy program? She tried running it on port 135/139, the only ones the port scanner I have detected as open, and couldn't because another program was using it. Netbios is on 139, don't remember what was on 135. So I'm in quite a conundrum. Any suggestions would be welcome as to opening any ports, going through any ports that are open, etc.
I have this program called HTTPort 3.SNF2. It seems to have potential but I can't figure it out. I have a new mapping with local port 135, remote port as 23, but I don't know the remote host of my bud's BBS. Anyone have any experience with this program that can use to enlighten me? Any help is appreciated of course. :)
Well, my IT guy says port 443 is open, but the port scanner still says only 135 (loc-host) and 139 (netbios-ssn) are open. I can get to HTTPS servers such as paypal/ebay, and login, so 443 must be open in some capacity. I've been trying to use HTTPort and having my buddy use HTTHost on her computer, but we've had no luck. Heeelp. :)
I believe that out there somewhere, in the vast ether of the internet, there are people who host little Java applets that are telnet clients. You could try searching for one and using it, but I don't know if you'll find it.
Actually, this may not work either because the Java applet runs locally on your machine, and may try to locally establish a telnet connection and fail.
Does your school allow outgoing FTP connections? Isn't that ... port 21? (I think... it's one of 21, 22 or 23 I believe). You could try "hijacking" (as that's what we're doing here :P) that port and connecting to your friend's server.
Man, I'm glad my college isn't doing what yours is. That really sucks... I feel sorry for you. :/
Actually, this may not work either because the Java applet runs locally on your machine, and may try to locally establish a telnet connection and fail.
Does your school allow outgoing FTP connections? Isn't that ... port 21? (I think... it's one of 21, 22 or 23 I believe). You could try "hijacking" (as that's what we're doing here :P) that port and connecting to your friend's server.
Man, I'm glad my college isn't doing what yours is. That really sucks... I feel sorry for you. :/
First, if only port 80 is open I don't see the point in trying other ports.
However if you connect via 8080 it sounds like port 80 is in fact not open, however you connect to 8080 to the proxy, and they connect outwards to 80.
It is quite likely that at 8080 is an HTTP proxy which would therefore only accept HTTP requests like this:
GET /myurl HTTP/1.0
Thus, things like "kill green dragon" are likely to be discarded (and/or logged).
It is possible that your college is only allowing HTTP via 8080 because it believes it is providing a service for browsing the Net (and they may block sites they consider undesirable while they are at it), and not for general game-playing, ftp-ing files, and so on.
The trouble is, whilst a MUD might be low bandwidth, once they allow outgoing connections in general they may have people playing Quake with friends on the other side of the world, and their bandwidth goes through the roof. Then people complain the connection is too slow.
Sorry, sounds like the firewall is doing what it is designed to do. All I can suggest is making a case out to open up MUD ports provided you guarantee the bandwidth utilisation will be low.
However if you connect via 8080 it sounds like port 80 is in fact not open, however you connect to 8080 to the proxy, and they connect outwards to 80.
It is quite likely that at 8080 is an HTTP proxy which would therefore only accept HTTP requests like this:
GET /myurl HTTP/1.0
Thus, things like "kill green dragon" are likely to be discarded (and/or logged).
It is possible that your college is only allowing HTTP via 8080 because it believes it is providing a service for browsing the Net (and they may block sites they consider undesirable while they are at it), and not for general game-playing, ftp-ing files, and so on.
The trouble is, whilst a MUD might be low bandwidth, once they allow outgoing connections in general they may have people playing Quake with friends on the other side of the world, and their bandwidth goes through the roof. Then people complain the connection is too slow.
Sorry, sounds like the firewall is doing what it is designed to do. All I can suggest is making a case out to open up MUD ports provided you guarantee the bandwidth utilisation will be low.
However what might work, Ksilyan, and this would be an interesting project, would be to make a "pseudo" web server that fools college proxy servers into thinking they are dealing in web pages, but actually connects to a MUD.
It would work something like this (assuming it hasn't been done already) ...
You connect to the "pseudo server" and get it to make a "real" connection to the MUD, eg.
You would get back some sort of ID that identifies the session. Then each line of text you type might come like this:
However this doesn't solve the problem of the scrolling output coming back - no doubt there would be a way. :)
It would work something like this (assuming it hasn't been done already) ...
You connect to the "pseudo server" and get it to make a "real" connection to the MUD, eg.
POST /do-connection HTTP/1.0
(blank line)
mud=my.mud.com&port=4000
You would get back some sort of ID that identifies the session. Then each line of text you type might come like this:
POST /send-line HTTP/1.0
(blank line)
id=123456&text=go%20west
However this doesn't solve the problem of the scrolling output coming back - no doubt there would be a way. :)
Actually, it's doomed. They block the ports because they can only monitor web pages, not muds etc. They want to make sure they can monitor everything we're doing so that they can bust people for porn, mp3s etc. This is straight from the IT's mouth. He even blatently said there's no way they'll open up port 23. Therefore I'm screwed because it has nothing to do with bandwidth, and everything to do with control.
Yes, a fake HTTP server in that way would probably work, but it may be a fair amount of work to actually implement something like that that could handle multiple users. But I'm almost certain that such a thing is possible.
I'd also be quite surprised if it didn't already exist; other people have the problem of overly aggressive sysops wanting to control everything, and so they've made ways to get around it, e.g. by using the kind of fake HTTP server we're talking about.
Tyrael, have you tried searching for such things? Your sysop friend could install them, and then you connect to them through her machine.
Does this also mean that things like IM, IRC, and all that, don't work from your college? That's just really icky. Perhaps it's worth looking into getting a separate ISP, or is that not possible?
I'd also be quite surprised if it didn't already exist; other people have the problem of overly aggressive sysops wanting to control everything, and so they've made ways to get around it, e.g. by using the kind of fake HTTP server we're talking about.
Tyrael, have you tried searching for such things? Your sysop friend could install them, and then you connect to them through her machine.
Does this also mean that things like IM, IRC, and all that, don't work from your college? That's just really icky. Perhaps it's worth looking into getting a separate ISP, or is that not possible?
Quote:
Actually, it's doomed.
Actually, it's doomed.
I don't see why. A carefully crafted tool which consisted of something you ran at your end which transformed mud input/output into innocuous-looking web pages, and then transformed the results back, which connected to a pseudo-web server run at your friend's site, should fool anyone who didn't know what to look for.
For instance, it could look like a Google search:
Search for: kill monster, go east
Or you could go further and obscure the actual words with some low-level encryption (eg. ROT13).
Another approach which might work would be to use some out-of-band approach, depending on what the sysop lets through. Let's say s/he lets pings through for instance. You could ping this intermediate site:
PING with message: OPEN DOOR; PRACTICE KICK
Then the ping response could be: THE DOOR OPENS
Could be a fun project. :)
Yes, things like IMs and file-sharing are blocked, except for AIM, which can work through the proxy. As far as the fake HTTP thing, I have no idea how to do that, so I wouldn't be able to. And by saying "It's doomed" I meant that there's no chance the IT guy will open up any ports.
If you can AIM through a proxy, why not just setup this to do the same thing? Have the text you send, be converted to AIM-protocol (on clientside) and sent proxy, which converts to normal and sends to mud, and then the text gotten back, be converted from normal mud text (at proxy) and then send to you via AIM like thing, and then clientside you convert back to traditional mudclient.
New Hopes
Maybe it is a solution for you and it's call Cliser. You can found it at www.mosha.net.The idea behind Cliser is to resolve problems like yours and to allow usage of MUSHclient from your computer.Also you can play from their page but is not like playing from "home".
Unfortunately for me doesnt work because my problem is a little bit different.I'm behind a firewall(a Linux box which have MASQERADE up) and i have no problems with it admin. But my ISP has choosed to close port 23.So i can play MUDs which use any other ports. But my preferred MUD function only on port 23 and their admins have no intention to open a second port.As a solution I tried Cliser but it seems that it cant cooperate with MASQ.
If you have or not succes with Cliser please post here an info.
Maybe it is a solution for you and it's call Cliser. You can found it at www.mosha.net.The idea behind Cliser is to resolve problems like yours and to allow usage of MUSHclient from your computer.Also you can play from their page but is not like playing from "home".
Unfortunately for me doesnt work because my problem is a little bit different.I'm behind a firewall(a Linux box which have MASQERADE up) and i have no problems with it admin. But my ISP has choosed to close port 23.So i can play MUDs which use any other ports. But my preferred MUD function only on port 23 and their admins have no intention to open a second port.As a solution I tried Cliser but it seems that it cant cooperate with MASQ.
If you have or not succes with Cliser please post here an info.
Well, i've tried cliser.. but it won't do any good it requires an ID, and I don't even know what the ID does My PC sent to the default Gateway. FYI my gateway is CISCO hrmppfff it's hard to know when no network admin is arround bleehh.. Firewall SUCKS !!
Even if you were able to get away out, you would still be in breach of your User Policy and if caught most likely to loose internet use and possibly suspention if your user policy is anything like that my kid has at highschool.
I know this doesnt help you but it might be easier just to get some other internet connecion to your room.
I know this doesnt help you but it might be easier just to get some other internet connecion to your room.
http://www.mosha.net/01-telnet-gateway/telnet.shtml
This might work.
This might work.
Ok, I know this is an old thread, but I just stumbled on this post today. I am a registered user of MUSHClient, and I've been using Cliser for quite some time now.
In case anyone out there still needs help with cliser here are the steps:
1. you go to:
http://www.mosha.net/01-telnet-gateway/register.html
2. there you register, to register, you provide a valid email address, and you fill in the address and the port of the server to wich you want to be able to connect. you can put up to 3 different servers.it is VERY important that you register from the machine from wich you will later use cliser to conect. the cliser registration process automatically obtains the address of yoru ISP and onlly allows connection FROM that ISP to the servers you fill in.
3. the Cliser ID is sent to you to the email addy you provided.
4. You download cliser
5. you edit the cliser ini file and in the last line put your ID, the file is pretty much self explanatory, you need not chane anythign else in the file.
6. you open a command promt or DOS window and execute cliser with a line that looks like this:
cliser proxy proxyport remoteserver remoteport nnnn
where proxy is your porxy server, you can get this fromthe internet explorer internets options in the connections tab.
proxyport is obviously the port, you can get this from the same place. usually 8080.
remoteserver is the addres you want to connect to. or the name.
remoteport is the port of the MUD/MUSH etc.
nnnn is a 4 digits number I'd suggest between 2000 and 3000
once that is done you open mushclient and connect to localhost on port nnnn where nnnn is the number you provided.
that should do it.
hope it's usefull to someone.
In case anyone out there still needs help with cliser here are the steps:
1. you go to:
http://www.mosha.net/01-telnet-gateway/register.html
2. there you register, to register, you provide a valid email address, and you fill in the address and the port of the server to wich you want to be able to connect. you can put up to 3 different servers.it is VERY important that you register from the machine from wich you will later use cliser to conect. the cliser registration process automatically obtains the address of yoru ISP and onlly allows connection FROM that ISP to the servers you fill in.
3. the Cliser ID is sent to you to the email addy you provided.
4. You download cliser
5. you edit the cliser ini file and in the last line put your ID, the file is pretty much self explanatory, you need not chane anythign else in the file.
6. you open a command promt or DOS window and execute cliser with a line that looks like this:
cliser proxy proxyport remoteserver remoteport nnnn
where proxy is your porxy server, you can get this fromthe internet explorer internets options in the connections tab.
proxyport is obviously the port, you can get this from the same place. usually 8080.
remoteserver is the addres you want to connect to. or the name.
remoteport is the port of the MUD/MUSH etc.
nnnn is a 4 digits number I'd suggest between 2000 and 3000
once that is done you open mushclient and connect to localhost on port nnnn where nnnn is the number you provided.
that should do it.
hope it's usefull to someone.
BTW, I must add that I've used Cliser from behind extremely secured firewalls and tight connection policys.
Cliser apparently encripts everything and so far, it's proveed undetectable to the places I've used it from.
Connection Freedom to the World!!!
Cliser apparently encripts everything and so far, it's proveed undetectable to the places I've used it from.
Connection Freedom to the World!!!
Thanks for that information. I have added a link to this page from my page about resolving connection problems:
http://www.gammon.com.au/forum/?id=8369
http://www.gammon.com.au/forum/?id=8369
I'm timing out when I try to register the site I want for cliser, this usual?
Do you know if it takes them a while to give you an ID? I've registered yesterday but still no ID was emailed to me. I've even checked my junk mail folder.
For instance, I know that we are behind a sort of proxy. We have private ips for the network and we all go outside with one IP (probably the one you'd see here). I know the IP of the proxy but I dont know the port. I've checked my internet settings but there's nothing there.
Any ideas?
For instance, I know that we are behind a sort of proxy. We have private ips for the network and we all go outside with one IP (probably the one you'd see here). I know the IP of the proxy but I dont know the port. I've checked my internet settings but there's nothing there.
Any ideas?
Well. I was able to solve it.
I was a bit impatient I guess.
I was a bit impatient I guess.
I downloaded cliser / got my ID / know how it works.
The problem is my work doesn't give admin accounts so I can't access the internet options to show me my proxy server in IE. Additionallyk, sites such as my-proxy.com are almost all blocked, and the ones which are not return my proxy address as "elite proxy" or "highly anonymous proxy"
Is there any way for me to find out what my proxy is...or change it?
Any help would be greatly appreciated.
The problem is my work doesn't give admin accounts so I can't access the internet options to show me my proxy server in IE. Additionallyk, sites such as my-proxy.com are almost all blocked, and the ones which are not return my proxy address as "elite proxy" or "highly anonymous proxy"
Is there any way for me to find out what my proxy is...or change it?
Any help would be greatly appreciated.
Sounds like your work doesn't want you to play games at work.
I doubt if you can do much, their system administrators probably know all the proxy server addresses. They may also log what goes through them. If they see thousands of entries in the log which look like "go north, kill monster", you may soon find yourself looking for a different job.
I doubt if you can do much, their system administrators probably know all the proxy server addresses. They may also log what goes through them. If they see thousands of entries in the log which look like "go north, kill monster", you may soon find yourself looking for a different job.
well, I think this ridiculous security is mostly for the other people I work with because I'm just summer interning here - they only give me about 2-3 hours of work a day max and then expect me to "occupy myself." I guess I'll go back to reading or playing spider solitaire.
thanks anyway though!
thanks anyway though!