wildbunny

Getting around office firewalls - socket server

wildbunny    550
Hi guys,

I've been experimenting with the best and most accessible way to create a socket server for the game I'm writing. I'm particularly interested in the workings of office firewalls.

I've currently got my game server running on a TCP socket, port 80, which I figured would make it accessible to everyone, but it is not.

I'm guessing firewalls must be filtering based on content type? Bizarrely, when I had it running on port 443 (which is usually for HTTPS), it was more accessible than it is on 80.

Anyone have any more details about this kind of thing?

Cheers, Paul.

Washu    7829
In general when using SSL/HTTPS the data portion of the packet is encrypted. As such it is difficult to apply any form of CBAC (Content Based Access Control) to it. Traffic over port 80 though is often subject to filtering via CBAC.

If the firewall is configured to block outgoing traffic to specific addresses, ranges, or based on content type then you will generally find yourself screwed either way. Besides which, intentionally attempting to bypass a firewall without the administrator's purview can be legally ambiguous at best. If it's incoming traffic that's being blocked, it's typically just the initial session that needs to be established to allow future data through.

If what you're really looking for are NAT punch-through solutions, that's different...

wildbunny    550
I'm not sure which direction is being blocked, although I have a feeling it's outbound because I'm not getting any connection requests from the client who ran the test on port 80.

I just want my game to be as accessible as possible without sinister intentions. Was wondering what other people do in this regard?

hplus0603    11347
Some office firewalls use HTTP proxies for port 80 (and often port 443, too.)
This means that you can't just connect() on port 80 to an arbitrary host; you have to make an HTTP request to a proxy and have the proxy make the request for you.
Some proxies will support HTTP status 100/upgrade, to allow you to start out as an HTTP request but switch to another protocol.
Other proxies will support CONNECT based connections, that allow you to speak any protocol you want (this is mostly for HTTPS traffic.)

However, as ApockPiQ says: If the owner of the network has put a particular policy in place for that network, the smart thing to do is to respect that policy.
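
To show the proxy's side of what this thread describes, here is an added example (not part of any poster's message, and not code from a real proxy) that classifies the first bytes a client sends to a forward proxy. The function name, the verdict strings, the 443-only CONNECT policy and the `game.example` host are assumptions made for illustration.

```python
# Added illustration: a forward proxy's view of a client's first bytes.
# ALLOWED_CONNECT_PORTS and the verdict strings are assumptions, not a real
# product's configuration.
ALLOWED_CONNECT_PORTS = {443}
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}


def classify_first_bytes(data: bytes) -> str:
    """Return the proxy's verdict for the first request line received."""
    line, sep, _ = data.partition(b"\r\n")
    if not sep:
        return "reject: not HTTP (no request line)"
    try:
        method, target, version = line.decode("ascii").split(" ")
    except ValueError:  # non-ASCII bytes or wrong number of fields
        return "reject: not HTTP (malformed request line)"
    if not version.startswith("HTTP/1."):
        return "reject: not HTTP (bad version)"
    if method == "CONNECT":
        host, _, port = target.rpartition(":")
        if not host or not port.isdigit():
            return "reject: malformed CONNECT target"
        if int(port) not in ALLOWED_CONNECT_PORTS:
            return f"deny: CONNECT to port {port} not permitted"
        # After a 200 reply the proxy only relays bytes it cannot read.
        return f"tunnel: opaque bytes relayed to {host}:{port}"
    if method in HTTP_METHODS:
        if not target.startswith("http://"):
            return "reject: proxy request needs an absolute URL"
        # Plain HTTP is readable, so content-based filtering can be applied.
        return "inspect: plain HTTP, content filtering applies"
    return "reject: unknown method"


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "raw game packet": b"\x01\x00\x07hello\x00",
    "proxied GET": b"GET http://game.example/state HTTP/1.1\r\nHost: game.example\r\n\r\n",
    "CONNECT 443": b"CONNECT game.example:443 HTTP/1.1\r\nHost: game.example:443\r\n\r\n",
    "CONNECT 7777": b"CONNECT game.example:7777 HTTP/1.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:16} -> {classify_first_bytes(payload)}")
```
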
