Getting around office firewalls - socket server

4 comments, last by hplus0603 11 years, 10 months ago
Hi guys,

I've been experimenting with the best and most accessible way to create a socket server for the game I'm writing. I'm particularly interested in the workings of office firewalls.

I've currently got my game server running on a TCP socket, port 80, which I figured would make it accessible to everyone, but it is not.

I'm guessing firewalls must be filtering based on content type? Bizarrely, when I had it running on port 443 (which is usually for HTTPS), it was more accessible than it is on 80.

Anyone have any more details about this kind of thing?

Cheers, Paul.
There are two directions to a firewall: blocking outbound traffic, and blocking incoming traffic. Which direction are you testing?

Wielder of the Sacred Wands
[Work - ArenaNet] [Epoch Language] [Scribblings]

In general when using SSL/HTTPS the data portion of the packet is encrypted. As such it is difficult to apply any form of CBAC (Content Based Access Control) to it. Traffic over port 80 though is often subject to filtering via CBAC.

If the firewall is configured to block outgoing traffic to specific addresses, ranges, or based on content type then you will generally find yourself screwed either way. Besides which, intentionally attempting to bypass a firewall without the administrator's purview can be legally ambiguous at best. If it's incoming traffic that's being blocked, it's typically just the initial session that needs to be established to allow future data through.

If what you're really looking for are NAT punch-through solutions, that's different...

In time the project grows, the ignorance of its devs it shows, with many a convoluted function, it plunges into deep compunction, the price of failure is high, Washu's mirth is nigh.

I'm not sure which direction is being blocked, although I have a feeling it's outbound because I'm not getting any connection requests from the client who ran the test on port 80.

I just want my game to be as accessible as possible without sinister intentions. Was wondering what other people do in this regard?
Usually, you respect the security restrictions that places like offices put into place.

Wielder of the Sacred Wands
[Work - ArenaNet] [Epoch Language] [Scribblings]

Some office firewalls use HTTP proxies for port 80 (and often port 443, too.)
This means that you can't just connect() on port 80 to an arbitrary host, you have to make an HTTP request to a proxy and have the proxy make the request for you.
Some proxies will support HTTP status 100/upgrade, to allow you to start out as an HTTP request but switch to another protocol.
Other proxies will support CONNECT based connections, that allow you to speak any protocol you want (this is mostly for HTTPS traffic.)

However, as ApockPiQ says: If the owner of the network has put a particular policy in place for that network, the smart thing to do is to respect that policy.
enum Bool { True, False, FileNotFound };
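
The content filtering and proxy behaviour described in the replies above can be seen from the inspecting device's side. The following is an added example, not code from any poster in this thread: it classifies the first bytes of an outbound connection and applies an assumed policy, showing why a raw game protocol fails inspection on port 80 yet can pass on 443 when that port is not inspected. All function names, the policy, and the sample bytes are hypothetical and constructed.

```python
# Added example: what a content-inspecting firewall or proxy sees at the
# start of a TCP stream. Policy values and sample bytes are constructed.
HTTP_METHODS = {b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS", b"PATCH", b"CONNECT"}
ALLOWED_CONNECT_PORTS = {443}  # assumed policy: tunnels only to the HTTPS port

# Constructed samples: a custom binary game hello, a TLS record header, an HTTP request.
GAME_HELLO = b"\x01\x00\x10PLAYER_JOIN"
TLS_HELLO = bytes.fromhex("1603010200") + b"\x01"
HTTP_GET = b"GET /lobby HTTP/1.1\r\nHost: game.example\r\n\r\n"


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'http', or 'unknown' for the start of a TCP stream."""
    # TLS record header: type 0x16 (handshake), major version 0x03, 2-byte length.
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        length = int.from_bytes(data[3:5], "big")
        if 0 < length <= 16384:
            return "tls"
    # HTTP/1.x request line: METHOD SP target SP HTTP/1.x
    line = data.split(b"\r\n", 1)[0].split(b" ")
    if len(line) == 3 and line[0] in HTTP_METHODS and line[2].startswith(b"HTTP/1."):
        return "http"
    return "unknown"


def connect_allowed(request_line: bytes) -> bool:
    """Apply the assumed port policy to 'CONNECT host:port HTTP/1.1'."""
    parts = request_line.strip().split(b" ")
    if len(parts) != 3 or parts[0] != b"CONNECT":
        return False
    host, sep, port = parts[1].rpartition(b":")
    return bool(sep) and bool(host) and port.isdigit() and int(port) in ALLOWED_CONNECT_PORTS


def verdict(port: int, first_bytes: bytes, strict_443: bool = False) -> str:
    """Decide what the inspecting device does with a new outbound flow."""
    kind = classify_first_bytes(first_bytes)
    if port == 80:
        return "allow" if kind == "http" else "block"
    if port == 443:  # without strict_443, the port is passed uninspected
        return "allow" if (kind == "tls" or not strict_443) else "block"
    return "block"
```
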
