Connecting Through Firewalls

FIRST DISCLAIMER - Any consequences of applying the following procedures to gain access to the internet go servers from behind a firewall are strictly and solely your own responsibility. In case of doubt, it is best to consult the system or network administrator responsible for the firewall. Sensei's Library does not take responsibility for reprimands, termination of contract or other punishments your boss may inflict on you.

SECOND DISCLAIMER - Certainly one and probably both of the below setups will reveal your go server username/password combination to a third party. Think about whether you can live with that and realise that any consequences of the abuse or misuse of your account on the go server are yours and yours only.

Method 1 - Socks2HTTP and Sockscap

Step 1

Install a program called Socks2HTTP on your PC. It will reroute socks protocol calls to the HTTP protocol. Point the rerouted HTTP calls to the HTTP proxy of the firewall. You can download a demo here http://www.totalrc.net/s2h/index.html.

Step 2

Install a program called Sockscap 32, which 'socksifies' any application. Add a new entry for your go client. Have Sockscap point to localhost and port 1080 as a socks server (where Socks2HTTP will pick it up - you get the picture).(Download here http://www.socks.nec.com/reference/sockscap.html or http://www.socks.permeo.com/Download/SocksCapDownload/index.asp)

Step 3

Launch Socks2HTTP, launch Sockscap, run the entry of your client, and it's as if there's no firewall in your way.

Method 2 - cliser

This one is untested, but as the principle is more or less the same, it should work as well. It has the additional advantage of requiring only one piece of software. Download cliser from the author's website. Start it up on your system (parameters are your HTTP proxy and the address and port of your favourite go server). Starting your preferred go client and logging in on localhost will redirect to the go server.

Method 3 - Your Freedom

After registering at Your Freedom and downloading the client, you can configure the software to connect to an external server via HTTPS.

After adding a "Local Port Forward" you can connect to go servers (such as KGS) by configuring your go client to connect to a local port.

Method 4 - SSH

This one is known to work with, at least, KGS: it's dependent on your having SSH shell access to an Unix (or similar) system outside your firewall.

Windows users can obtain a suitable SSH client through the cygwin suite of Unix tools; MacOS X and Unix systems have one provided.

Then, enter the following:

 ssh -l user remote-host -L localport:goserver:goserverport

(for example, I use "ssh -l adw27 poseidon -L 2379:www.gokgs.com:2379"), and configure your client to connect to localhost:localport instead of the remote server's IP and port. It's worth noting that this will expose your Go server username and password, potentially, to the root user of the system you're forwarding through. However, traffic between your machine and said forwarding box will be encrypted.

Malweth This should work with any server, as long as the client can be pointed at localhost. (It does work for IGS). The easiest method is using PuTTY, a free SSH client.

As specified above, this requires an SSH server that allows port forwarding. The KGS Issue SSH Tunnel page explains how to set up PuTTY and an SSH server (if you have broadband with a fairly static IP address). Another place you might already have an SSH server is via a *nix based web server (fuitadnet works). This will add to your monthly bandwith usage, but go servers are fairly low BW (unless you're streaming audio?)

The settings for each of the major servers are:

   Server  <source port> <Destination>
   KGS:    2379          goserver.gokgs.com:2379
   IGS:    7777          igs.joyjoy.net:7777
   IGS:    6969          igs.joyjoy.net:6969
   NNGS:   9696          nngs.cosmic.org:9696

You can put all of the servers you frequent into the same PuTTY configuration and you should be able to connect to all at the same time.

Meteoro? 20-JUN-2007: After several failed attempts, I finally managed to connect to KGS using openssh and putty as described above, via my home PC which has a static IP ADSL connection. I am using port 443 to get out of my corporate LAN.

If you want to know if the port you want to use at work/school is open to the internet, just open a cmd in windows, then:

telnet your_home_ip_address port

- If you get a timeout, or an error: A firewall is probably blocking the connection. Make sure you have an exception set for your port if you are using firewall software on your PC at home.

- If you get a solid black screen, or some garbled characters: you are lucky: probably you are connected. Type <Ctrl><Right Bracket> to get the telnet prompt, then type "quit".

The key issue is setting the putty and ssh options right:

• On your server:

- After installing openssh, create the passwd and group files in etc directory as explained in KGS Issue - SSH Tunnel.

- Change etc\sshd_config to use your chosen port (in my case, 443).

- Start the service: net start opensshd

• On the client, download end execute putty, then:

Host name: Your home public IP address

Port: 443 (for example)

Under Connection>SSH>Tunnels, add a new forwarded port:

Source Port: 2379

Destination: goserver.gokgs.com:2379

(leave the defaults "Local" and "Auto").

Clik "Open" button to create the tunnel. You will be prompted for a user/password of your home server (any standard user should work). This gives you a PUTTY shell on your home PC. Minimize it.

• Open CGOGAN. Change the Configuration to connect to 127.0.0.1 instead of goserver.gokgs.com. Connect.

That's all. If you get any errors, double check everything to make sure you didn't misconfigure anything.