freshbytes.com.au

[weedman]

My fellow Calvin students,

We have a situation in our midst. A situation which *none* of us have ever encountered. A dedicated proxy box, with port filtering.
Below is a diagram of the apparent network at this time:

|internet|
|
|
<proxy box>
|
|
<CST VPN> (not confirmed, but a high possibility)
|
|
<Calvin router>
|
____|____
|Switch(es)|
|
-------------------------
| | |
(computer labs)

(I know, it's not a great diagram, but it works )
The Problem: The old setup (getbusi) blocked sites/IP addresses. All done via a software app (squid/getbusi).
The new setup uses a dedicated proxy/port filtering box. This appears to be a learning proxy/port filtering box. SSL (port 443) has already been blocked. The authentication is LDAP, which appears to be a little buggy at this time, especially in combination with samba.

What we found: Gmail is blocked, as it requires SSL for authentication. This is unacceptable. Bling found a workaround using another site, but I cannot remember what it was, and it is likely that it will get blocked eventually.

The solution: Well, there are a few applications that are available for this. Online proxys are pretty much well out of the question (they were used by too many people last year to access utter crap, like pr0n and Youtube [no offense meant to those who used YT]). Our (real) options are:

1. Ask for port 443 to be unblocked unconditionally.
The likelyhood of that working is 0. I doubt they'll unblock it, especially given the reason why.

2. Use my home VNC Server (weedman.isa-geek.org) for our browsing needs.
That is, if we can get the Java VNC client to work through a proxy. I have the Java applet setup server-side, so it will work. Remember that the upload speed is limited, so it's not going to be brilliantly fast, but useable. Not multi-user friendly, except for shared VIM!

3. Setup tor on beowulf.
I'm not kidding. I'm not 100% sure how that would work, but it might be possible. Not sure about the port blocking problem and this. It probably wouldn't work with more than one user.

4. Setup a SSH tunnel.
I rekon that might be our only option if VNC fails. Either setup it on a local machine, or through beowulf.

5. If all else fails, use the old proxy route.
I hate this, but we might be forced to do it.

#6. Suggest something!

I think we'll probably become more desperate over the next few months.
What should we do?

Chris J.
(weedman )

[jawapro]

Poor little students who cant access their email at school....

Here's a quote from a website that might help you out.

Can I run VNC over a port normally used for a standard service? (eg. port 21, or port 80)
In rare circumstances, people may want to do this, perhaps because they have a firewall which only allows connections to certain ports. This can be done, at least for the Windows and Unix servers (see their documentation), but the following points need to be borne in mind:

* On some systems (eg. most forms of Unix), ordinary users are not allowed to run servers on ports below 1024.
* You obviously can't run a VNC server on a port that's already being used for other things.
* Many VNC servers use two ports: one for the VNC server, and one for the HTTP server that provides the Java applet (see previous question). If you plan to use the Java viewer, you may want to change both. Not all servers will allow this at present.
* You need to tell the viewer the right display number. Normally, display numbers come between 0 and 99. If you specify any number smaller than 99, the viewers add 5900 to get the port number. If you specify a larger number, the viewers take it as a port number directly. So how do you use port numbers lower than 99? You have to specify a negative display number! For example, to connect to a server running on port 80 on machine 'snoopy':

vncviewer snoopy:-5820

because -5820 + 5900 = 80. This may not work with all viewers, but Unix and Windows seem to be fine.

- http://www.fifi.org/doc/vnc-common/faq.html

[bennyling]

Hmmm...

It seems like a good idea, but after discussion with Chris, it seems as if that network protocol doesn't honour the proxy in some way...

I'll let him explain it a bit better.

[Darth Strawberry]

getting to youtube is a simple as using au.youtube.com or when that gets blocked uk.youtube.com then we can go off into other languages. simple! always a way around it. and gmail chat is accesible through meebo.com

[bennyling]

Gmail chat isn't actually accessible at all anymore, hence mibbit.com, with Freenode IRC, #mehnux.

[bennyling]

What exactly is going on?

The proxy box desn't work - it's not managed by CST anyway.

As for GetBusi - we should petition to bring it back. Sure, it had numerous flaws, but still - at least it worked!

Well, if there's one thing that has come out of the new proxy method - it's that we don't have pages like this one on Wikipedia.

http://en.wikipedia.org/wiki/User_talk:210.15.194.58