Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Anyone got any pointers on how this can be achieved?
Want a direct connection to my server at home from work (to run VNC etc), but work has numerous filters and has locked down the outgoing connections to a few ports (the usual bunch, http/https/ftp/pop/smtp) - so need a way to tunnel (possible to encrypt?) to my server via port 80 (http), if it's doable?
Oh and both systems run XP, though a Mac client would be useful.
Cheers for any help on this
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
Does it have to be port 80? You can alter the port settings in VNC iirc, but you will just hit your work's external IP. I assume your server is running on a private IP address, in which case you'd need to get port forwarding set up at your work
[Edited on 17-09-2007 by Steve]
|
Aaron
Member
Registered: 9th Aug 04
Location: Cottingham, East Riding
User status: Offline
|
Is port 3389 (outgoing) disabled at work?
[Edited on 17-09-2007 by Aj.]
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Setting up VNC isn't the problem though, the problem is getting around work's and the council's firewalls, hence the reason for a HTTP tunnel (using port 80) rather than a direct connection between a VNC server and client.
As for what ports are blocked I'm not 100% sure, internally it's fine though but it's locked down tighter than a duck's backside with regards to the WAN/internet side of things.
Been reading into HTTP tunneling and it just goes over my head, hence why I asked on here as I know there's a few network/IT engineers etc.
Cheers for the help so far though guys,
Dom
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
You will need to set up incoming port forwarding at your work's end for it to work
|
Paul_J
Member
Registered: 6th Jun 02
Location: London
User status: Offline
|
I used a tunnelling service once ... you had to pay some money - but you basically connected to their server, then all traffic went via that, to wherever / whatever you were connecting to... Got round most firewall / blocking stuff.
|
willay
Moderator Organiser: South East, National Events Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
Set up port 80 on your router to forward to port 5900 on your PC.
If their firewalls only check that the destination port is port 80 it should be fine, however if it goes through something more in-depth (a layer 7 firewall or a web proxy) it may not let it through due to content filtering.
|
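The difference between a port-only rule and the layer 7 inspection mentioned in the post above, as an added example that is not part of the thread: a monitoring check that looks at the first bytes of each port-80 flow and reports those that are not HTTP. The function names, flow record layout and sample addresses are assumptions made for illustration.

```python
import re

# RFB (the protocol VNC speaks) opens with a 12-byte ProtocolVersion banner.
RFB_BANNER = re.compile(rb"^RFB \d{3}\.\d{3}\n")
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n")
HTTP_RESPONSE = re.compile(rb"^HTTP/1\.[01] \d{3} ")


def classify(payload: bytes) -> str:
    """Identify a protocol from the first bytes of a TCP stream."""
    if RFB_BANNER.match(payload):
        return "rfb"
    # TLS record header: content type 0x16 (handshake), major version 3.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    if HTTP_REQUEST.match(payload) or HTTP_RESPONSE.match(payload):
        return "http"
    return "unknown"


def non_http_on_port_80(flows):
    """Return (src, dst, protocol) for port-80 flows that do not carry HTTP."""
    findings = []
    for flow in flows:
        if flow["dst_port"] != 80:
            continue
        protocol = classify(flow["client_first"])
        if protocol == "unknown":
            # A VNC server speaks first, so fall back to the server's bytes.
            protocol = classify(flow["server_first"])
        if protocol != "http":
            findings.append((flow["src"], flow["dst"], protocol))
    return findings


# Constructed sample flows (addresses and payloads are made up for illustration).
SAMPLE_FLOWS = [
    {"src": "10.0.0.20", "dst": "198.51.100.7", "dst_port": 80,
     "client_first": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
     "server_first": b"HTTP/1.1 200 OK\r\n"},
    {"src": "10.0.0.21", "dst": "198.51.100.7", "dst_port": 80,
     "client_first": b"", "server_first": b"RFB 003.008\n"},
    {"src": "10.0.0.22", "dst": "198.51.100.7", "dst_port": 80,
     "client_first": b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00", "server_first": b""},
    {"src": "10.0.0.23", "dst": "198.51.100.7", "dst_port": 5900,
     "client_first": b"", "server_first": b"RFB 003.008\n"},
]

if __name__ == "__main__":
    for finding in non_http_on_port_80(SAMPLE_FLOWS):
        print(finding)
```

A rule that only matches on destination port would pass the second and third sample flows; the payload check is what tells them apart from the first.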
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Cheers guys,
Willay - We have a lease line (via NTL) that connects our network to the council's but we are forced to use a proxy server (based at the council) for internet access. It's filtered (not 100% sure what/how, but certainly typical url/swear filtering) internally as well as at the council's end and I believe ports are blocked at both ends (certainly at the council's end).
Have already tried setting up a proxy on my server at home, but it didn't want to know and my logs showed nothing (apart from yanks trying to access it).
If I forward port 80 to 5900, will I still be able to browse the net when at home?
Will give it a go either way
Steve - it's port blocked, if not at our end certainly at the council's end so port forwarding isn't a suitable solution at work. Hence why I'm asking about HTTP tunneling - > More Here <
Paul - I'm too cheap to pay for it, plus it might not even work
[Edited on 17-09-2007 by Dom]
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
There used to be a program for that we used at work, we used it to get on MSN through port 80. I forget the name of it now, but I doubt it would work for incoming connections, either way as soon as you hit your work external IP something needs to direct the traffic to your server
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
You thinking of that SocksCap (think it was called that), uses a socks proxy/connection to redirect traffic etc?
What I gather from reading about HTTP tunneling is that it wraps a connection within the HTTP protocol (connection gets encrypted), allowing you to bypass firewalls (as they just see typical HTTP packets).
Means you can connect to your computer/server at home and use MSN and browse the net without filtering etc
It's just a pain in the backside that I can't view audio forums that are useful to my job and I can't get them unblocked (too much effort, apparently, as the urls aren't blocked at our end)
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
Yeah that's outgoing to the net, incoming would be a different kettle of fish
|
Tim
Site Administrator
Registered: 21st Apr 00
User status: Offline
|
Google for sslexplorer
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote: Originally posted by Steve
Yeah that's outgoing to the net, incoming would be a different kettle of fish
I'm guessing the incoming packet is routed back to your system as if it was typical http data, and then gets "unwrapped" - you run a client and a server, but from the stuff I've got my hands on you have to manually add each port/protocol, and that's a little bit above my head
Tim - will give it a go
[Edited on 17-09-2007 by Dom]
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
How does it know it's got to go back to your system? What tells it which IP address to hit?
|
Tim
Site Administrator
Registered: 21st Apr 00
User status: Offline
|
The same way the http data gets there -- because the proxy or firewall tracks connections.
It's only unwrapped once it hits the application running on your computer (stunnel etc), or the server running outside the firewall...
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
Yeah but say your server is running a private IP of say 10.0.0.1 for argument's sake, you send some VNC traffic over port 80 from home, this hits the router/firewall at work, then how does it know to pass the connection to IP 10.0.0.1 without setting up port forwarding?
For the same reason if you set up 10.0.0.1 as a web server and tried to connect to it outside the workplace, it wouldn't work until you set up the router to forward http incoming requests there
[Edited on 17-09-2007 by Steve]
|
Tim
Site Administrator
Registered: 21st Apr 00
User status: Offline
|
Yes SSLExplorer would still need a port-forward on the destination. The difference is rather than port-forwarding directly to VNC, you forward to the SSLExplorer agent (or stunnel instance) and use it for multiple (and SSL encrypted) protocols...
|