GIT at work with a corporate firewall

Gamer's Internet Tunnel, formerly Gamer's IPX Tunnel

GIT at work with a corporate firewall

Postby TacoHead » Mon Nov 22, 2004 9:09 pm

Hello,

We are trying to connect to a remote GIT server, on the internet, setup to be a TCP listen server. GIT is running on the server with IP forwarding to port 80. (GIT is set to listen on port 80 as well.) The client is behind a corporate firewall that blocks UDP packets and basically only lets traffic out thought HTTP port 80.

We tried all conceivable combinations in GIT with no luck. (We poured over the readme/forums and tried the various settings.) The listen server was logging the client's TCP and ICMP forwards as "OK". But he could never ping the GIT server.

Again, the GIT server has IP forwarding for port 80, so as to match the outgoing HTTP request from the client. Maybe this doesn't matter for the server, but the corporate firewall might not like anything other than port 80. BTW - the firewall does not use a proxy.

I did read this post:

viewtopic.php?t=178&highlight=80

Maybe, because the packets are not true HTTP, the firewall blocks the return. But then why was the client getting OK back as well for TCP and ICMP?

The basic idea is like this:

(client) -> (corporate firewall HTTP port 80) -> (GIT listen server) -> (Game Server)

and the return:

(Game server) -> (GIT listen server) -> (corporate firewall HTTP port 80) -> (client)

So that GIT only acts a bi-directional data stream tunnel. Once established, the connection can pass data back and forth through the HTTP connection port.

Is this possible with GIT?

Thanks.
TacoHead
 
Posts: 3
Joined: Mon Nov 22, 2004 8:24 pm

Postby Ark » Mon Nov 22, 2004 9:14 pm

Unless the firewall requiring your port 80 use requires HTTP shaped traffic, that should work just fine. Does GIT report that it is in the connected state in the connection status window on each end? Are you using TCP listen and TCP connect on each respective GIT side?
Ark
Site Admin
 
Posts: 2108
Joined: Sat Sep 13, 2003 4:21 pm

Postby TacoHead » Mon Nov 22, 2004 9:38 pm

Hmm, didn't check the client, but the server had the connect status. I assumed because the client was getting incoming and forwarded messages that they were connected.

The server is using TCP listen and the client TCP connect. We were using ping as a simple check after getting tired of launching the game over and over. Ping should work if both are truly connected, right? (We have GIT set on both sides to forward TCP/UDP/ICMP)

It may be the case that the firewall is checking packet headers to see they are HTTP in nature, but I'm not sure.

BTW – the game is HL2.

Thanks.
TacoHead
 
Posts: 3
Joined: Mon Nov 22, 2004 8:24 pm

Postby Ark » Mon Nov 22, 2004 9:44 pm

If connection status says connected then you are connected with GIT to GIT. From there, GIT will tunnel whatever you tell it to and work as you set it up to work. Make sure you both have the latest version of GIT. Try 0.99 BETA 3 to be sure.

See if the connection status says last packet received, and check the incoming log (enable it first) to make sure something is getting through. If not, your firewall or something is blocking it or not set up right still.

There is no guarantee that even PING will work just because you forward ICMP. You may need ARP as well. Your network configuration could prevent PING from working. You probably need to be on the same subnet for that. Make sure there are no IP conflicts between the two different subnets, etc. We can not help you troubleshoot your LAN settings since each network is different.
Ark
Site Admin
 
Posts: 2108
Joined: Sat Sep 13, 2003 4:21 pm

Postby TacoHead » Mon Nov 22, 2004 10:08 pm

We're both using v0.98. Where do we get v0.99 BETA 3? I didn't see a download link on your site.

Thanks.
TacoHead
 
Posts: 3
Joined: Mon Nov 22, 2004 8:24 pm

Postby Ark » Mon Nov 22, 2004 10:22 pm

Ark
Site Admin
 
Posts: 2108
Joined: Sat Sep 13, 2003 4:21 pm


Return to GIT

Who is online

Users browsing this forum: No registered users and 28 guests

cron