Welcome to the MacNN Forums.


My STUPID school has blocked EVERYTHING
Zimwy
Dedicated MacNNer
Join Date: May 2002
Location: Brooklyn, NY
Sep 16, 2003, 06:06 PM
 
Hi all,
My school (university) has done something incredibly frustrating. Here's the deal. Up until this year everything was completely nice and fine. All ports were open, blah blah blah. Okay, so over the summer I built myself a file/everything server (you can see pictures of it here). It lives in a friend's dorm room here at school. We're in different buildings and hence on different subnets. Now, our school has gotten the genius idea that disabling inter-subnet communications ENTIRELY is a good idea. They still let us web server to the general internet (as you can see by the fact that you can get to the pictures, which are hosted on the computer I built), but it's FAR too dangerous for us to be able to talk to somebody's computer that's not in our building. Is there any way I can go about fixing this? (Besides talking to them and such, which I've already done, and they're very unhelpful). I would like to be able to view web pages on this computer (Port 80) and use Apple file services on it as well (Port 590 or something?) Is there any way I can forward all my traffic on those ports out into the general internet and then back in again?

Thanks so much,
Gabe

EDIT: Oh yes. It's not that they've disabled those ports (as far as I know). It's that they've managed to STOP all internet traffic between the two. Would I possibly have to *spoof* my IP so that the school routers don't know I'm coming from another dorm?
( Last edited by Zimwy; Sep 16, 2003 at 06:19 PM. )
     
Partisan01
Dedicated MacNNer
Join Date: Sep 2003
Location: Pittsburgh, Pennsylvania
Sep 16, 2003, 07:54 PM
 
Originally posted by Zimwy:
Hi all,
My school (university) has done something incredibly frustrating. Here's the deal. Up until this year everything was completely nice and fine. All ports were open, blah blah blah. Okay, so over the summer I built myself a file/everything server (you can see pictures of it here). It lives in a friend's dorm room here at school. We're in different buildings and hence on different subnets. Now, our school has gotten the genius idea that disabling inter-subnet communications ENTIRELY is a good idea. They still let us web server to the general internet (as you can see by the fact that you can get to the pictures, which are hosted on the computer I built), but it's FAR too dangerous for us to be able to talk to somebody's computer that's not in our building. Is there any way I can go about fixing this? (Besides talking to them and such, which I've already done, and they're very unhelpful). I would like to be able to view web pages on this computer (Port 80) and use Apple file services on it as well (Port 590 or something?) Is there any way I can forward all my traffic on those ports out into the general internet and then back in again?

Thanks so much,
Gabe

EDIT: Oh yes. It's not that they've disabled those ports (as far as I know). It's that they've managed to STOP all internet traffic between the two. Would I possibly have to *spoof* my IP so that the school routers don't know I'm coming from another dorm?

Hi

First off, I am wondering why you're putting your box in your friend's room and not yours; it sounds like both of you live on campus. But I'm sure you have reasons, so here's what I would suggest.

If I were you I would find out what ports are available to use. Because you're on different subnets you've been blocked at the router level. Not even blocked per se.

You could do a couple of things. The first would be to try different ports for ssh; I would try ports above 1024, the higher the better. It's possible you might be able to get through on one of those. Your best bet would be to find out what ports something like Kazaa or another popular college program is run on and let out, and use that.

The last thing to do if this doesn't work is to port forward ssh to port 80 because that's world accessible. What I would do then is write a firewall rule that says if it's coming from your machine use ssh, else use the web server, which would be on another port, like 81 or 8080. I'm assuming you are doing this with OS X; I'm not too familiar with it at all, my Unix experience lies in OpenBSD and pf. Let us know what you figure out.

Nate
     
kampl
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Sep 16, 2003, 10:48 PM
 
Have you port scanned your buddy's server to see what's up? Try sudo nmap -sS buddy.server.addr.here to see what intranet communications are possible if any. I forget if nmap is built in or not. You can go to Insecure.org to get it.

On a side note, they, like many universities, have probably blocked a few ports to combat the influx of new/old students coming in with W32.blaster or W32.Welchia infections so as to not bring the network to its knees. Not Mac applicable, but something to think about insofar as administration's justification to filter traffic from LAN to LAN.
( Last edited by kampl; Sep 16, 2003 at 10:58 PM. )
     
Zimwy  (op)
Dedicated MacNNer
Join Date: May 2002
Location: Brooklyn, NY
Sep 17, 2003, 01:51 AM
 
Hey,
Thanks for your replies. With the help of some people from the macnn IRC channel, I ran NMAP like this:
sudo nmap -P0 -sS -vvv -p 1-1300 IP_ADDRESS

and found that absolutely every single port is blocked. Including 80. I guess that's that then.

gabe
     
Kurlon
Fresh-Faced Recruit
Join Date: Sep 2003
Location: Portland ME
Sep 17, 2003, 11:20 AM
 
If you are absolutely intent on having network communication with him, you're going to have to utilize a common third-party box you can both access. That box will be your relay point. The sucky bit is all traffic between your machines will go off network then back on, but you'll at least have some form of networking.

Quick and dirty, have both systems get set up with one of the free IPv6 to 4 tunnel providers. You'll then be able to access each other via IPv6. If that doesn't work, you'll need to utilize some form of 'vpn' such as ipsec and gif tunnels to get the job done.

Whatever you do, MAKE SURE YOU FIREWALL IT WELL! The last thing you need is to leave your setup such that someone ELSE can use the tunnel to masquerade as you while performing nefarious acts on the net.
     
Zimwy  (op)
Dedicated MacNNer
Join Date: May 2002
Location: Brooklyn, NY
Sep 17, 2003, 01:30 PM
 
Okay,
I think I can handle that, and do a little better, but I'm not sure. There is a computer lab here at school to which I have a non-root account. The lab is running Debian Linux, and CAN access both subnets. Is it possible to run these things you say without having root privileges?

Thanks,
gabe
     
geekwagon
Senior User
Join Date: Dec 2002
Location: Portland, OR
Sep 17, 2003, 03:21 PM
 
Originally posted by Zimwy:
Okay,
I think I can handle that, and do a little better, but I'm not sure. There is a computer lab here at school to which I have a non-root account. The lab is running Debian Linux, and CAN access both subnets. Is it possible to run these things you say without having root privileges?

Thanks,
gabe
Yes, you'll just have to use ports higher than 1024 (only root can bind to those.)
     
Partisan01
Dedicated MacNNer
Join Date: Sep 2003
Location: Pittsburgh, Pennsylvania
Sep 17, 2003, 07:54 PM
 
Originally posted by geekwagon:
Yes, you'll just have to use ports higher than 1024 (only root can bind to those.)
If this box that can access both computers has ssh running you're set. I'm assuming you want to get a remote shell on your computer. Just ssh into the Debian box, and from that one ssh into your server. I do it all the time where I'm at, the routers block communication across subnets sometimes.

Best of luck

Nate
     
Zimwy  (op)
Dedicated MacNNer
Join Date: May 2002
Location: Brooklyn, NY
Sep 17, 2003, 08:23 PM
 
Hi,
Yes yes. That's what I've been doing until now. The thing is I'd like to be able to forward Port 80 and 591 (AFP?) through there so I can mount the remote computer's (not the one in the lab's) hard drive on my desktop.

Any advice?
gabe
     
Partisan01
Dedicated MacNNer
Join Date: Sep 2003
Location: Pittsburgh, Pennsylvania
Sep 17, 2003, 11:08 PM
 
Originally posted by Zimwy:
Hi,
Yes yes. That's what I've been doing until now. The thing is I'd like to be able to forward Port 80 and 591 (AFP?) through there so I can mount the remote computer's (not the one in the lab's) hard drive on my desktop.

Any advice?
gabe
Since you're able to get to the webserver there is a little workaround you can do with that. Check out file manager php. It's a little file manager PHP page that doesn't need any libraries or compilation; just dump the file in the dir and you have access to what you want. You can upload, delete, create dirs, pretty much everything, with a nice graphical interface. If you can't find it let me know and I'll email it to ya. If you want to see what it looks like head over to

http://natetobik.mine.nu/partisan/file_manager.php

Hope this helps.

Nate
     
Zimwy  (op)
Dedicated MacNNer
Join Date: May 2002
Location: Brooklyn, NY
Sep 18, 2003, 01:50 AM
 
Originally posted by Partisan01:
Since you're able to get to the webserver...
Hi,
Sorry, I don't think I said that. I'm NOT able to get to the web server. I am able to get to absolutely nothing of the iMac unless I ssh into my computer lab first, and then do stuff from there. That file thing is cool though and definitely useful for other things.

gabe
     
Jellytussle
Dedicated MacNNer
Join Date: Jan 2001
Location: Badfort
Sep 18, 2003, 01:59 PM
 
You can use ssh running on the Debian box to tunnel the other ports between your two machines. 'man ssh' for details. You could also look at zebedee as well. Didn't we just have this discussion somewhere on the board? Also, search macosxhints, since this has been dealt with pretty comprehensively there, too.
You see, my friends, pirates are the key. - thalo
     
macvillage.net
Addicted to MacNN
Join Date: Sep 2000
Sep 20, 2003, 04:48 PM
 
This is a common practice these days to stop P2P services on campuses.

Now they are all using offsite proxies to allow it to work anyway.

The benefit is the reduced traffic has made surfing the web much faster. It's cut quite a bit off of most campuses that have done it.

It's like upgrading your network.
     
dialo
Senior User
Join Date: May 2002
Sep 29, 2003, 10:10 AM
 
Originally posted by macvillage.net:
This is a common practice these days to stop P2P services on campuses.

Now they are all using offsite proxies to allow it to work anyway.

The benefit is the reduced traffic has made surfing the web much faster. It's cut quite a bit off of most campuses that have done it.

It's like upgrading your network.
You aren't kidding. Back in the Napster days, the network flat-out crawled in the evenings. Then that was banned and everything was much smoother, but increasingly got clogged up again. A year or two later, they shut down all the file sharing traffic altogether and it's flying again.
     
pwolfe1
Dedicated MacNNer
Join Date: Sep 2003
Location: Louisiana, US
Sep 30, 2003, 10:02 AM
 
As a sysadmin for my school, I feel these bandwidth pangs first hand. Then we got a Packeteer, and everything is fine now. We didn't completely do away with P2P, just limited the bandwidth the students can use. (I'm a student too.) Good thing this is all IP based, and I can leave my IP unmonitored.

http://www.packeteer.com/
     
All contents of these forums © 1995-2017 MacNN. All rights reserved.