
Getting around a firewall

I think his problem is because of the router and not the firewall. As the router does not give him a real ip for use on the net.
So dynip might work.
When you register for dynip you get a host name like namit.dynip.com which will direct all requests on that name to your computer. Just try running it. www.dynip.com
 
Well Ace, here is my experience with a firewall:

I taught at a school that installed a firewall and private ip system (NAT) for the district. Needless to say, I had a tough time giving up several of the ports that I had become accustomed to using. Long story short, I begged the sys admin (who I knew relatively well and who was also addicted to several ports 8)) and he told me an ip that I could use that would BYPASS the firewall. This was a PUBLIC ip that was apparently left available for his use. I guess the bribery thing is my best advice...hehe.

I obviously have no way of knowing about your admin, but who knows...
 
I have gotten a set of old IPs that a guy that works down in the computer center had. These are the IPs that were on campus before the DHCP. I wonder if they still work and I can get around them.
 
OK, I have tried to use dynip and it seemed to be a pretty good idea. I think that it worked in the fact that it is broadcasting my name. BTW, it is ace.dynip.com. See if you guys can connect to it. I am simply running an FTP server on it right now to test to see if I can get any incoming TCP connections. Nothing yet though. I had some guy that I met try to get on it but he said that it would continue searching and never find it. I tried it on my roommate's computer and it worked so I know that it is working but that damn firewall just will not let people through. Do you think I could use HTTPort that tunnels TCP traffic through port 80 and use dynip at the same time? That way, it would tunnel the traffic through and also be able to find my computer. Just an idea..
 
Ace, when I try to connect to your ftp site, the ace.dynip.com is resolving to 10.1.100.254 which is your internal network IP, you need to give it the public IP of the firewall/router.

STATUS:> Connecting to ace.dynip.com
STATUS:> Connecting to ace.dynip.com (ip = 10.1.100.254)
 
OK, here is a dumb question. How do I find out the IP of my firewall router for sure? I have had a few guesses, such as I went to grc.com and they traced my IP back as some weird IP that my university doesn't even support. I will try a few things, but keep trying and see what it does.

Thanks for the help!
 
Hi ace, I tried to connect to ftp://ace.dynip.com
and like it told me connecting and then I got an empty ftp root.
Have you put any files in the ftp server? and try running your http server as that will work better.
 
I didn't have it running there for a little bit. You can try again if you want. I have an IP in there that I 'think' is the IP of my firewall. Lemme know what it does.

Thanks
 
i looked up the ip addy for ace.dynip and i was presented with this "63.92.153.98". i then looked up the description of "63.92.153.98" and was presented with this "cable-i-98.sigecom.net"
If you reverse lookup the address "63.92.153.254" you will get the resolved address "sighp1.sigecom.net". sigecom.net is an internet provider for indiana. then i looked at your email address and found that you attend the university of southern indiana hence sigecom.net is your provider. it appears the whole subnet(?) "63.92.153.XXX" are servers running various OS, and/or? routers. however the ip lookup of http://www.usi.edu revealed its ip to be 192.206.10.36 which is a totally different network?.

so in conclusion "63.92.153.254" might be the ip of your router.?

sorry if i just went off on a wild tangent im just a young one and dont really know what im doing and have no training in networking. hope i have been some help.

 
I guess this guy is absolutely right.
Now the only way is to telnet to the router whose ip is 63.92.153.254 and login as admin with the username and password (u will have to get it)
then redirect port 80 of the router to your PC's IP. And like my search shows that your network has one IP and 4 subnets with i guess 4 routers and you are part of one of the subnets. So you totally cross two routers to get to that one ip your university has. usi.edu has its own ip which is not directly connected to your university network.
 
im not sure on this though but i think 63.92.153.254 belongs to sigecom.net and the router controlling your traffic is 63.92.153.98


when i tried to telnet to 63.92.153.254 i was presented with this:

HP-UX sighp1 B.10.20 A 9000/810 (ttyp4)

login:

So this is an HP-UX (Hewlett Packard-UNIX????) box owned by sigecom.net.

a telnet to 63.92.153.98 simply locked up my telnet program
 
OK, just to give you a little updated info. I work at Sigecom and we supply 4 T1s to USI. However, I do not think that we control any of the firewall/routers. That is all done by USI. I know this because I used to work at USI in the computer center and the network admin said that we control all the services. Sigecom just supplies the connection. I have changed that IP because someone told me to change it from my internal IP to the firewall IP and the only IP that I know of to be my firewall IP is that one. The reason I say this is because whenever someone else from the "outside". They always trace my IP as that Sigecom IP. I have no idea why it traces it back as that IP because we are all on the 192.x.x.x network. I have told some of the guys that I work with and they have no idea on why the outside traces my IP to the Sigecom IP.


Weird, ain't it? 😉
 
Ace, what I think everyone is missing here is the fact that you will probably NEVER be able to run a public server on an internal network unless you follow some very specific firewall setups. I'm assuming of course that the firewall admin set up proper rules.

1) You have no public address on which to run this server. If you wanted to host an application (web server, game server) on the internal network 10.x.x.x then an EXTERNAL STATIC NAT would need to be configured on the firewall. This is where a one-to-one relationship between a publicly routable address maps to an internal host (ex, 63.92.153.X -> 10.0.0.254). That would handle the addressing problem you have. Next step...

2) By default a firewall does not allow inbound connection attempts to internal networks.

3) The game port is probably not allowed inbound on the firewall.

4) Any attempts to bypass security could get you into A LOT OF TROUBLE.

I'm not being facetious but you really are wasting your time unless you can get the EXTERNAL STATIC NAT and inbound ports open. The class A 10.0.0.0 belongs to the RFC1918 private address space and is dropped by most internet routers or routed to NUL.

Nothing is stopping you from running a game server on the internal lan though.

Spidey
CCSE - checkpoint certified security engineer (only for some backing for my answer, I hate chumps who throw certifications around)
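
An added illustration of the conditions in the post above (not part of the original thread): a small Python model of how an administrator's firewall decides an inbound connection, checking RFC 1918 addressing first, then the static NAT table, then the inbound port rule. The 203.0.113.x addresses, the NAT table and the allow rule are constructed sample values; 10.1.100.254 and 192.206.10.36 are the addresses quoted in the thread.

```python
import ipaddress

# RFC 1918 private ranges: never routed across the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def inbound_verdict(dst, port, static_nat, allowed_inbound):
    """Decide the fate of a connection from the internet to dst:port.

    static_nat:      {public_ip: internal_ip}, one-to-one mappings
    allowed_inbound: set of (public_ip, port) pairs the firewall permits
    """
    if is_rfc1918(dst):
        return ("dropped", "RFC 1918 destination, not routable on the internet")
    if dst not in static_nat:
        return ("dropped", "no static NAT entry for this public address")
    if (dst, port) not in allowed_inbound:
        return ("dropped", "no inbound firewall rule for this port")
    return ("forwarded", f"translated to {static_nat[dst]}:{port}")


# Constructed sample policy: one static NAT entry, HTTP allowed inbound.
STATIC_NAT = {"203.0.113.10": "10.0.0.254"}
ALLOWED_INBOUND = {("203.0.113.10", 80)}

# Constructed test connections, one per condition in the post.
CASES = [
    ("10.1.100.254", 21),   # DNS name published with the internal address
    ("203.0.113.99", 21),   # public address with no NAT mapping
    ("203.0.113.10", 21),   # mapped host, but FTP not allowed inbound
    ("203.0.113.10", 80),   # mapped host and allowed port
]


def demo():
    """Return the verdict word for each constructed case, in order."""
    return [inbound_verdict(d, p, STATIC_NAT, ALLOWED_INBOUND)[0]
            for d, p in CASES]


if __name__ == "__main__":
    for (dst, port) in CASES:
        print(dst, port, *inbound_verdict(dst, port, STATIC_NAT, ALLOWED_INBOUND))
```
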
 