[lug] Software demo through firewalls?

Shannon Johnston sjohnston at cavion.com
Wed May 22 11:24:20 MDT 2002


Well, as a corporate FW admin I can offer my input.

There are really 2 options that the corporations have in their fw rules.
One is that they will allow outbound traffic from their networks on any
port and accept the return traffic as long as it matches a stateful
connection.
The other is that they proxy all outbound connections and severely limit
the privileges of the employees. The proxy would filter ALL traffic,
most likely limit it to port 80 HTTP traffic, and then disallow certain
packets for violation of network usage policy.

Don't even think that you would be able to convince a competent admin to
open up the appropriate ports inbound.

With that in mind, if the client is allowed freedom outbound, there
really shouldn't be a problem as long as the connection originated from
internally.
If they are using a proxy, at the very least you would have to run the
VNC service on an allowed port (80), but I would still doubt it would
make it through the packet inspection. You may be out of luck there.


Shannon Johnston




On Wed, 2002-05-22 at 10:43, Glenn Murray wrote:
> Hi,
> 
> This gets around to being a Linux topic about half-way down.
> 
> We wish to demo our (soon to be open source) software in real time.
> We'd like our clients to see and hear it.  We have no budget, really.
> We can do the hearing part with a conference call, if necessary.
> 
> Given that the clients are behind corporate firewalls, is this
> physically possible?  All of them have web browsers, but we will
> probably not be able to ask them to install any software.  Is
> "streaming video" a way to do this?
> 
> I've been looking into using VNC for the seeing part.
> 
> VNC uses rfb protocol.  Clients can access a server directly on
> (default) port 5900 using a VNC viewer, or they can browse to port
> 5800 where a VNC mini-web server downloads a Java applet which acts as
> a viewer.
> 
> With the help of Peter Hutnick of this list (thanks!) I have been able
> to run VNC via x0rfbserver on port 80.  (That's the Linux part!) I was
> thinking that I would have more luck being accessible from behind a
> firewall when running on port 80 than on another port---or is this
> naive?  My question is really for network administrators who set up
> firewalls: what is the best way to accomplish what I am trying to do?
> 
> Thanks,
> Glenn Murray
> http://www.mines.edu/~gmurray
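Why VNC moved to port 80 still fails the packet inspection mentioned in the reply, as an added example that is not part of either post: in RFB the server speaks first with a 12-byte `RFB xxx.yyy\n` version banner, while in HTTP the client speaks first with a request line, so an inspecting proxy can tell them apart from the first payload. The function names, the port-80-only policy and the sample flows are assumptions constructed for illustration.

```python
import re

# RFB ProtocolVersion banner: 12 bytes, "RFB xxx.yyy\n", sent by the SERVER first.
RFB_BANNER = re.compile(rb"^RFB \d{3}\.\d{3}\n")
# HTTP/1.x request line, sent by the CLIENT first.
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) \S+ HTTP/1\.[01]\r?\n")


def classify_flow(payloads):
    """payloads: ordered list of (direction, bytes), direction 'c2s' or 's2c'.
    Classifies the flow from its first non-empty payload only."""
    for direction, data in payloads:
        if not data:
            continue
        if direction == "s2c" and RFB_BANNER.match(data):
            return "rfb"
        if direction == "c2s" and HTTP_REQUEST.match(data):
            return "http"
        return "unknown"
    return "unknown"


def proxy_verdict(dst_port, payloads):
    """Hypothetical policy for the second firewall setup in the reply:
    outbound traffic is limited to port 80 and must actually be HTTP."""
    if dst_port != 80:
        return "deny: port not allowed"
    proto = classify_flow(payloads)
    if proto == "http":
        return "allow"
    return f"deny: {proto} on port 80"


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = {
    "web": (80, [("c2s", b"GET /index.html HTTP/1.0\r\n\r\n")]),
    "vnc_on_80": (80, [("s2c", b"RFB 003.003\n"), ("c2s", b"RFB 003.003\n")]),
    "vnc_default": (5900, [("s2c", b"RFB 003.003\n")]),
}

if __name__ == "__main__":
    for name, (port, payloads) in SAMPLE_FLOWS.items():
        print(f"{name}: {proxy_verdict(port, payloads)}")
```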