company blocking ports?


Post by gurutech » 27 Apr 2014, 04:41

I just started a new job, and of course, I want to be able to listen to music while I'm working, so I bring up my browser at work and try to go to my Madsonic site. I have tried IE and Firefox, but cannot get to my site from either browser.

I can get to my site using the Madsonic app on my phone, so I know there's nothing wrong with my site itself.

I'm assuming the company is blocking port 4040 (or blocking all ports except 80 and 443). Is there a way that anyone knows of that will let me "trick" the browser into thinking that all Madsonic traffic is going over port 80 or 443 instead of 4040?

If this helps - there's no proxy server configured in either browser. The only difference is that I'm connected to the "guest" wifi on my phone, and I'm hard-wired to the network from my work computer.
gurutech
Contributor
Posts: 325
Joined: 02 Jan 2013, 04:56
Has thanked: 12 times
Been thanked: 131 times

Re: company blocking ports?

Post by GJ51 » 27 Apr 2014, 05:01

I've seen this type of problem reported many times, but I'm not sure it's ever been answered definitively. I think there is a lot of confusion on the topic and I'll be the first to admit that I may not fully understand it.

First, I think that there may be more than one way that an employer blocks web traffic and it may not be clear in any given instance that port blocking is actually the method used at any given location.

Second, if port blocking is used, I don't understand how it works on a browser. My understanding is that just because you're requesting port 4040 on the Subsonic end, it doesn't automatically follow that the browser is also using the same port at the remote end where the browser is making the request. My impression is that a browser opens a random available port to make a request and that the router keeps track of that port to properly answer the request. Therefore, the Subsonic port used should only have significance for the Subsonic host network, not the site making the request for data. I may be wrong, but I've posed this theory many times and have never heard a reasonable argument to the contrary.

I have seen instances where users reported that some work sites appeared to monitor traffic content and were able to block streaming music. Some users were able to work around that method by using an SSL connection that left the receiving end unable to detect the content.

There is also the possibility of a work site using a white list/black list approach to control browsing, in which case I don't see any possibility of getting around that other than using your mobile device.

HTH - I also hope someone else has a better explanation.
GJ51
Contributor
Posts: 194
Joined: 15 Dec 2012, 17:52
Has thanked: 68 times
Been thanked: 106 times

Re: company blocking ports?

Post by GJ51 » 27 Apr 2014, 05:19

I just did some testing on a site that uses port 8443 at that end. Opening Resource Monitor on my PC and looking at the Network Traffic it reports the browser connecting to the Remote port correctly but using ports 1997 and 2003 on the local side (my PC). Looking at my Advanced Firewall Settings, it does appear that you can enable specific remote ports. So I guess it is possible for a good firewall to restrict access to only particular remote ports, in which case you would have to use 80 or 443 on your Subsonic Server in order to get it onto your desktop at work.

Seems a bit extreme to block all ports but 80 and 443, but I guess it can be done. Looking at my router (obviously not an edge server) it would require making 3 entries. Block 1 - 79 and then 81 - 442, and then 444 - 65535 for all IP addresses. This would then get more complicated if a company had other needs to connect to sites or services that used ports other than 80 or 443. Let's think Skype, email, and anything else that uses other ports here.

I guess there may be some network management tools that could control this in a way that makes it easier, but I haven't seen them.

Google Chrome for instance connects to 173.194.76.125 on port 5222

http://www.herdprotect.com/ip-address-1 ... 6.125.aspx

173.194.76.125
qc-in-f125.1e100.net

IP Address Information
The Internet Service Provider (ISP) that owns the network address of 173.194.76.125 is Google Inc. and located in California within the United States. The IP Address resolves to the DNS record of qc-in-f125.1e100.net. This IP belongs to Google and resides on their public network "1e100.net is a Google-owned domain name used to identify the servers in our network. Most typical Internet users will never see 1e100.net, but we picked a Googley name for it just in case (1e100 is scientific notation for 1 googol)".

It just seems to me that it would be very difficult to determine which ports need to be blocked and which need to be open for normal operation.

Compound the problem that background services can use port 80 pretty clandestinely and you have to ask yourself what good does port blocking do. I have a TCP connection to amazonaws.com using port 80 that I had no idea was there.

Open Resource Monitor and look at TCP Connections on the Network tab and you'll find all manner of goodies you probably weren't aware of; and I use a lot of preventive measures including MS Security Essentials, Malwarebytes Pro and MVPS hosts file blocker.

So that's all I can find on the topic. I'd love to get some good feedback from someone who knows more about it than I do.
GJ51
Contributor
Posts: 194
Joined: 15 Dec 2012, 17:52
Has thanked: 68 times
Been thanked: 106 times
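
Added illustration (not part of GJ51's post, and not any firewall's actual code): a Python model of the remote-port filtering described above. It checks that the three block ranges from the post give the same verdicts as a default-deny "allow only 80 and 443" rule, and that the client's local port plays no part in the decision. The function names and the sample connection list are constructed for this example.

```python
import socket

# The three block ranges GJ51 describes entering on a router (remote ports).
BLOCK_RANGES = [(1, 79), (81, 442), (444, 65535)]
# The equivalent default-deny policy: only these remote ports may be reached.
ALLOWED_REMOTE_PORTS = {80, 443}


def blocked_by_ranges(remote_port):
    """Deny-list form: blocked if the remote port falls in any block range."""
    return any(lo <= remote_port <= hi for lo, hi in BLOCK_RANGES)


def egress_decision(local_port, remote_port):
    """Allow-list form. local_port is accepted but never consulted: it is the
    ephemeral port the client OS picked, so the rule cannot key on it."""
    return "allow" if remote_port in ALLOWED_REMOTE_PORTS else "block"


def policies_agree():
    """Check both forms give the same verdict for every TCP port 1..65535."""
    return all(
        blocked_by_ranges(p) == (egress_decision(0, p) == "block")
        for p in range(1, 65536)
    )


def observe_ports():
    """Open a loopback connection and return (client local port, remote port),
    the same pair Resource Monitor shows for a browser connection."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))      # OS picks a free port for the listener
        srv.listen(1)
        remote_port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", remote_port)) as cli:
            return cli.getsockname()[1], remote_port


# Constructed samples: (local port, remote port). 1997 and 2003 are the local
# ports from the post; 8443 and 4040 are the remote ports the thread mentions.
SAMPLES = [(1997, 8443), (2003, 8443), (1997, 4040), (2003, 80), (1997, 443)]

if __name__ == "__main__":
    for local, remote in SAMPLES:
        print(f"local {local:>5} -> remote {remote:>5}: {egress_decision(local, remote)}")
    print("deny-list and allow-list agree:", policies_agree())
    print("loopback (local, remote):", observe_ports())
```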

Re: company blocking ports?

Post by gurutech » 29 Apr 2014, 03:18

Well, I found a workaround....

Download bluetooth drivers from the laptop manufacturer's website and install them (Win7 wouldn't auto-install them as there is a policy in place to never install driver updates...)

Then I connect my phone to the laptop via bluetooth, and stream my music that way...
gurutech
Contributor
Posts: 325
Joined: 02 Jan 2013, 04:56
Has thanked: 12 times
Been thanked: 131 times

Re: company blocking ports?

Post by gurutech » 15 May 2014, 03:36

Trying this again.... I was able to get to the demo.madsonic.org site with no problems (other than not being able to login), so I'm not sure the issue is with port 4040 itself.

I'm using no-ip.com as my redirector, but I also tried my xxxxxxxxxx.subsonic.org address, which didn't work either.

I've thought about just doing a port forward on my router to go from port 80 on the WAN side to port 4040 on the LAN side, which I know I can do, but not sure it would work. I guess the only way to find out is to test it. The only problem I have is that I don't necessarily want port 80 opened on the WAN side.

Anyone know what port the demo.madsonic.org site uses?
gurutech
Contributor
Posts: 325
Joined: 02 Jan 2013, 04:56
Has thanked: 12 times
Been thanked: 131 times

Re: company blocking ports?

Post by Madevil » 15 May 2014, 08:02

Hi there,

I know the problems with blocked ports by company, I have the same problems. :?
So I decided to redirect the local Madsonic port 4040 through port 80 to get the best compatibility for all.

You are right, the site http://demo.madsonic.org uses port 80. Maybe you have a free opened guest-WLAN or something else?

best regards
Madevil
Administrator
Posts: 942
Joined: 07 Dec 2012, 03:58
Has thanked: 1339 times
Been thanked: 964 times

Re: company blocking ports?

Post by asianflavor » 02 Jun 2014, 17:55

If you want to see what ports are open at your company, go to t1shopper[.]com (just remove the brackets around the dot, still a newb to post URLs). They have an online port scanner. You can plug in a range of numbers or a specific port to see what is open. But if you can forward your WAN port 80 to LAN 4040, why not just make it all on port 80? If you are not running an intranet in your local network, that would be the easiest fix to your access problem.
asianflavor
 
Posts: 3
Joined: 26 Apr 2013, 21:57
Has thanked: 0 time
Been thanked: 2 times

Re: company blocking ports?

Post by gurutech » 03 Jun 2014, 22:58

That was my plan, until I remembered that my ISP blocks port 80 (and 25).

Haven't tested 443 yet, but I'm not sure about certificates, so I think I'm going to stick with what I have now, which is the iSub app on ipad, and Madsonic on Android. I can connect to the company's "guest" wifi with no blocking, and that's how I listen to my music at work. Not ideal, but it works.
gurutech
Contributor
Posts: 325
Joined: 02 Jan 2013, 04:56
Has thanked: 12 times
Been thanked: 131 times

Re: company blocking ports?

Post by DoCC » 19 Jul 2014, 23:26

ask a friend of yours to set up an apache proxy ...

proxypass and proxypass reverse ... works like a charm ...

my internal setup looks like this :

<VirtualHost 192.168.2.5:80>
ServerName music.power-server.at
ProxyPass / http://192.168.0.3:4040/
ProxyPassReverse / http://192.168.0.3:4040/
</VirtualHost>

if the apache has the needed mods enabled, you can adjust this as you need.
DoCC
Contributor
Posts: 210
Joined: 25 Feb 2014, 14:41
Location: UpperBavaria : ))
Has thanked: 41 times
Been thanked: 71 times

