
Firewall Traversal for Macs? 12

Posted by Cliff
from the getting-out-from-behind-the-data-dam dept.
TexTex asks: "I find myself lacking in many of the joys of the internet while at work, largely because of a particularly effective firewall. While it works great at keeping stuff out, it also keeps me in. FTP and HTTP proxies are the only available exit (no SOCKS). Also, I'm using a Mac so firewall support on many of the apps is not as flexible as I'd like. Napster, Gnutella, and Quicktime streams are unavailable (not to mention all those swell Yahoo internet games). Any ideas how a lone Mac user can escape from the inside?"
This discussion has been archived. No new comments can be posted.

  • ZD's Firewalls Alternatip [techtv.com] might be useful. Hope this helps.
  • Does everybody else have access out? Is this one of those MSProxy's? If other people don't have access out, then I'm afraid I can't help simply because of the fact that you are on an equal plane as everyone else. But, if it is an MSProxy, you can install the proxy client for the Mac. You will be able to have almost seamless internet access.

  • I don't know much about a Mac's networking abilities but isn't there a header that will allow you to access the outside through HTTP even if it's not an HTTP request? I forget what it was, maybe I'm thinking of something else even?

    Failing that, how about PPP over HTTP? You could set up a server outside of the firewall and send PPP over POST requests. Could that not be done with a bit of hacking? If it cannot be done on the Mac could it be done in Linux? You could always install Linux on your computer.

    Like I said I don't know much about the TCP/IP stack on the Mac or Linux, for that matter, so this might not even be possible.
  • At least, version 4.1 can. In the transport section of the QT cpanel you can tell it to use TCP port 80 (HTTP), instead of the usual UDP 5970-5999 (RTSP). If you need QT 4.1, go to http://www.apple.com/quicktime/download/support/ to get the stand-alone installer instead of the annoying internet-based installer. (It's about 8M)

    For other means of getting through, you could ask around for a shell account that you can connect to via port 80. (Preferably with SSH.)

    Boy, I would sure love to be hired to play Yahoo games and trade MP3s all day. Wait, you mean that's not what you've been hired to do? ;-)
  • Why the hell was this moderated down? It's a valid point.

    .iMMersE
  • I don't know about the Mac.. but doesn't the Napster client allow u to select a data port?
    wonder if u could just set that to 80 and have things work... worth a shot
  • That won't help with a proxy.
  • Your issue seems to be your employer has limited your access to the internet. Unless you've left something out of your message it's irrelevant whether or not you're on a Mac.

    As I see it you have four choices:

    1. Accept that your employer has made a decision about how they want their computers on their network used by their employees on time they're paying for to use their internet connection.
    2. Speak to your Manager, IS Administrator, whomever is appropriate and request greater access. Be prepared to provide a business-related justification for the greater access.
    3. Try and get around the policies that have been established, run various applications through non-standard ports etc. and generally subvert your employer's policies. Don't be surprised the day someone twigs what you're attempting to pull and you find yourself abruptly terminated for cause.
    4. Leave the company for someplace with policies more to your liking. Frankly if getting unfettered 'net access during working hours is so critical to you I'd worry about losing perspective but hey, it's your call. I just wouldn't try to explain to a potential employer that you left your previous job for this reason...
  • I work at a company where we keep the firewall pretty tight (and we just loosened it to allow outbound telnet - something I thought I'd never see) as well as take other security issues in mind (we consider running non-standard/non-supported software a security risk). Have you consulted your company's Internet usage guideline? I know for a fact ours specifically limits all non-work related computer use to surfing the web during lunch and nothing else is permitted. You might want to consider that someone put that firewall there so you can't do these activities for a reason - they don't want you to. Now, I'm the first person to complain about these rules, but it's not my job to stand up and get my head cut off; I just enforce policy and go home. They own the machines, the CAT5, the routers, and pay for the Internet hookup. Like it or not, they have the right to say what you can and can not do with their property. Don't like it - quit - it's a lot nicer than getting fired...
  • it wasn't moderated down

    AC posts start at 0

    if it were moderated down, it'd be at -1

    *smacks you*
  • OK, OK, I'm a dick!

    .iMMersE
  • Failing that, how about PPP over HTTP? You could setup a server outside of the firewall and set PPP over POST requests. Could that not be done with a bit of hacking?

    Yes. See www.nocrew.org/software/httptunnel.html [nocrew.org].

    This appears to be for Linux, btw.
