HTTP tunnel for game clients behind proxy

4 comments, last by Zanthos 19 years, 3 months ago
I have a friend at uni behind a restrictive firewall, and he wants to play Rise of Nations (not using GameSpy matchmaking). To get past it, I've got this idea:

RiseOfNations(Mate's Computer)
\/
TunnelNode(Mate's Computer)
\/
\/
HTTP Proxy
\/
\/
TunnelNode(My Computer)
\/
RiseOfNations(My Computer)

The TunnelNode on his machine wouldn't have any user-modifiable settings (my IP address is static). The TunnelNode on my machine would have space to enter hostname and IP to establish a link to (usually to the game being hosted on my machine). Now am I right in saying this should work? Unless the game has some stupid feature which rejects connections from the same IP address. I'm unsure as to how much latency this possible solution might have, I suppose it depends on how sluggish the Proxy server is.
Quote:HTTP tunnel for game clients behind proxy


Did you mean TCP tunnelling?
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan
Quote:Original post by Fruny
Quote:HTTP tunnel for game clients behind proxy


Did you mean TCP tunnelling?


I'm thinking he's meaning HTTP. If you are behind a firewall that is out of your control - work, university, library - most TCP ports are not accessible. However, port 80 - http - is always available. If you could convert the data and reroute it through 80 - then have some other program that listens through 80 to get the data, you can easily bypass the firewall. Now this is very complicated - but I know it's possible. I looked into HTTP tunneling for running BitTorrent behind an uncontrollable firewall.

However, there is one main problem. The only way I've seen this work is to buy bandwidth from a company that owns a program, Http Tunnel. I'm sure if you had the time, you could make your own if you had another computer and Linux perhaps, but I do not know of any resources telling about this.
How about them socks? :)
Yes, I think he means "HTTP" tunneling. A good firewall+web proxy can and does actually read the data being sent - rather than just blindly allowing arbitrary TCP transmission over port 80, it parses HTTP requests (rejecting connections opened that do not send a valid HTTP command) and then retransmits them, often adding or removing information (for example, a feature of many HTTP proxies is that they can replace user agent fields and strip cookies - so no matter what web browser you use, it always appears to a web server that you are using IE on Windows XP with cookies disabled).

That means to properly tunnel through such a firewall you cannot simply open a TCP connection and start pushing through data (either TCP data that will be retransmitted to the correct port by another computer, or more complex UDP data that will be parsed and then properly relayed as individual packets). Unless incoming HTTP connections are allowed (highly unlikely), this means that all outgoing data through the proxy must be encoded into HTTP requests (the usual method is to use the post field to ensure the data is not stripped or changed). The challenge, of course, comes in how to make it as efficient as possible.

Of course many such tunneling programs already exist - i.e. Google search

I've done a brief check of the keele.ac.uk proxy, and SOCKS is not enabled, so I'm stuck with using HTTP. I'm under the impression that I can use Keep-Alive for sending chunks of data without having to open a new connection to my TunnelNode app; of course, this is if the proxy supports it. If I had two connections from my mate's comp, through the tunnel, I could use one which is parading as a multi-part POST file upload, and simply put his outgoing data into that, and then using the other connection, parade as a multi-part GET response. Obviously I need to do some in-depth research into HTTP tunnelling, and what the Keele Uni proxy has disabled/enabled with regards to session timeouts, keep-alive, HTTP/1.1 for multi-part support, etc. Is this sounding feasible? I'm hoping to have a test app to see how fast his proxy deals with HTTP requests, anything over 100ms total trip time and I'll probably sack this idea in... we shall see.
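
Seen from the proxy operator's side, the scheme discussed in this thread (a steady stream of POSTs carrying outbound data, paired with a GET response held open for inbound data) leaves a recognizable pattern in proxy logs. The following is an added example, not part of the original thread: a detection heuristic run over constructed log records, where the record layout, thresholds and host names are all assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real logs):
# (epoch_seconds, client_ip, method, dest_host, duration_seconds)
SAMPLE_LOG = (
    [(1000 + i, "10.0.0.5", "POST", "tunnel.example.net", 0.05) for i in range(30)]
    + [(1000, "10.0.0.5", "GET", "tunnel.example.net", 120.0),    # held-open response
       (1005, "10.0.0.9", "GET", "www.example.org", 0.3),         # ordinary browsing
       (1010, "10.0.0.9", "POST", "www.example.org", 0.4),        # ordinary form submit
       (1020, "10.0.0.7", "GET", "downloads.example.com", 90.0)]  # large download only
)

def flag_tunnel_candidates(records, min_posts=20, window_s=60, long_get_s=30):
    """Return {(client, host): [reasons]} for pairs showing BOTH a POST burst
    and a long-lived GET to the same host (assumed thresholds)."""
    posts = defaultdict(list)     # (client, host) -> POST timestamps
    long_gets = defaultdict(int)  # (client, host) -> count of long-lived GETs
    for ts, client, method, host, duration in records:
        key = (client, host)
        if method == "POST":
            posts[key].append(ts)
        elif method == "GET" and duration >= long_get_s:
            long_gets[key] += 1

    findings = {}
    for key, stamps in posts.items():
        stamps.sort()
        # Sliding window: largest number of POSTs inside any window_s span.
        lo = burst = 0
        for hi, t in enumerate(stamps):
            while t - stamps[lo] > window_s:
                lo += 1
            burst = max(burst, hi - lo + 1)
        # Requiring both signals avoids flagging plain downloads or form posts.
        if burst >= min_posts and long_gets.get(key):
            findings[key] = [
                f"{burst} POSTs within {window_s}s",
                f"{long_gets[key]} GET(s) open >= {long_get_s}s",
            ]
    return findings

if __name__ == "__main__":
    for (client, host), reasons in flag_tunnel_candidates(SAMPLE_LOG).items():
        print(client, "->", host, ":", "; ".join(reasons))
```

The thresholds need tuning against a site's normal traffic, since legitimate long-polling web applications produce a similar shape.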
