Re: [OFFTOPIC, yet related :)] Port access

From: Brian 'Astrolox' Wojtczak (astrolox@INNOCENT.COM)
Date: 10/31/98


Ok, this is simple.  Basically there is no way round it without messing
about with your firewall.  Hopefully you will understand more with a diagram.


           +-------+    +--------+
           | Fire  |    | School |--- Internal
Internet --|  wall |----|  Hub   |--- School
           |       |    |        |--- Network PCs
           +-------+    +--------+

I've assumed your network is using a Hub, as a 'ring' network would be a
bit foolish in a school, but it only really matters if you want the diagram
to be correct.  The problem is that all the PCs on your school network have
one network connection and the Firewall has two.  That is, your firewall can
access the internet and the internal network.  It can, if it wishes, allow
any computer on the internal network to talk to computers on the external
network by relaying messages.  However it is much simpler for it to just
ignore them, in which case they go nowhere.  The system could also be set
up to ignore messages for certain places and let messages for other places
through - hence the ability to block certain ports.

As you mentioned a proxy, what I have said above, although true and
possible, is probably not what is happening.  That is, your firewall is not
passing on messages AT ALL.  In fact I think you'll find that all the
computers are told to use the proxy server ( a program stored and running
on the firewall computer ).  The job of the proxy server is to sit there
saying "Who do you want to talk to and What do you want to say?" and then
saying to the other person "I'm a proxy, thingie wants to say ....".  To
put it bluntly - if anyone wants to correct me, please don't - I'm just
trying to make things simple to understand.

Anyways, that's how to do it.  You either have a 'gateway|firewall' as in my
first example; which restricts ports or certain messages/connections, or
you have a 'proxy|firewall' as in my second example; which restricts
everything and acts as a go-between for authorized traffic.

You'll find more information on proxies and firewalls in the RFCs.

GTG... Astrolox

Sometime in the past, Jodi Goddard <jodig@SPRINT.CA> wrote:
>Ok, here's the deal.
>
>I try to get on MUDs from my school network, so I can do some development
>from school when things get extremely boring :]
>
>HOWEVER, the losers who run the network put Port access restrictions, and
>you can't connect to port 110 (POP mail, but I don't really care about
>that) and any port higher than 1024 (I think they are on to our secret! :] )
>
>I would also be interested in knowing HOW they do this *grin*
>
>Does anyone know a way around this; I tried Java Telnet apps as well as
>the Win Telnet.
>
>This is what I know of the network:
>        Windows NT (version ?)
>        A proxy server
>        Not sure of what kind of connection, but it usually transfers at
>57.6Kbytes (not bits)/s (Whatever kind of line that is, I'm not sure)
>


--

Brian 'Astrolox' Wojtczak, astrolox@innocent.com

"Assassination is the extreme form of censorship"
 George Bernard Shaw (1856-1950)


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
     +------------------------------------------------------------+
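
Added example, not part of the original post: a small Python model of the two arrangements the reply describes, a filtering gateway and a proxy-only firewall, evaluated against the same connection attempts. The rule table is constructed from the restrictions in the quoted message; the HTTP-only proxy, the sample traffic and all function names are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "forward" or "drop"
    lo: int      # first destination port covered
    hi: int      # last destination port covered

# Constructed rule set mirroring the restrictions quoted in the thread.
GATEWAY_RULES = (
    Rule("drop", 110, 110),       # POP mail
    Rule("drop", 1025, 65535),    # "any port higher than 1024"
    Rule("forward", 1, 1024),
)

def gateway_decision(dst_port, rules=GATEWAY_RULES):
    """Filtering gateway: routes packets, first matching rule wins, default drop."""
    if not 1 <= dst_port <= 65535:
        raise ValueError(f"invalid TCP port: {dst_port}")
    for rule in rules:
        if rule.lo <= dst_port <= rule.hi:
            return rule.action
    return "drop"

# Assumption: the proxy speaks only HTTP and relays only to these ports.
PROXY_PROTOCOLS = {"http": {80}}

def proxy_decision(dst_port, protocol, via_proxy):
    """Proxy-only firewall: nothing is routed; only proxied requests are relayed."""
    if not via_proxy:
        return "drop"            # direct packets have no route out
    if dst_port in PROXY_PROTOCOLS.get(protocol, set()):
        return "relay"
    return "refuse"              # the proxy answers, but will not pass it on

def compare(attempts):
    """Evaluate (port, protocol, via_proxy) attempts under both designs."""
    return [(port, proto, gateway_decision(port), proxy_decision(port, proto, via))
            for port, proto, via in attempts]

# Constructed sample traffic: direct web, proxied web, POP mail, a high port.
SAMPLE = [(80, "http", False), (80, "http", True), (110, "pop3", False), (4000, "telnet", False)]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(row)
```

The first sample row shows the difference between the designs: a direct connection to port 80 is forwarded by the filtering gateway but dropped by the proxy-only firewall, because only requests handed to the proxy leave the network.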


