company blocking ports?


Unread post by gurutech »

I just started a new job, and of course, I want to be able to listen to music while I'm working, so I bring up my browser at work and try to go to my Madsonic site. I have tried IE and Firefox, but cannot get to my site from either browser.

I can get to my site using the Madsonic app on my phone, so I know there's nothing wrong with my site itself.

I'm assuming the company is blocking port 4040 (or blocking all ports except 80 and 443). Is there a way that anyone knows of that will let me "trick" the browser into thinking that all Madsonic traffic is going over port 80 or 443 instead of 4040?

If this helps - there's no proxy server configured in either browser. The only difference is that I'm connected to the "guest" wifi on my phone, and I'm hard-wired to the network from my work computer.

Re: company blocking ports?

Unread post by GJ51 »

I've seen this type of problem reported many times, but I'm not sure it's ever been answered definitively. I think there is a lot of confusion on the topic and I'll be the first to admit that I may not fully understand it.

First, I think that there may be more than one way that an employer blocks web traffic and it may not be clear in any given instance that port blocking is actually the method used at any given location.

Second, if port blocking is used, I don't understand how it works on a browser. My understanding is that just because you're requesting port 4040 on the Subsonic end, it doesn't automatically follow that the browser is also using the same port at the remote end where the browser is making the request. My impression is that a browser opens a random available port to make a request and that the router keeps track of that port to properly answer the request. Therefore, the Subsonic port used should only have significance for the Subsonic host network, not the site making the request for data. I may be wrong, but I've posed this theory many times and have never heard a reasonable argument to the contrary.

I have seen instances where users reported that some work sites appeared to monitor traffic content and were able to block streaming music. Some users were able to work around that method by using an SSL connection that prevented the receiving end from detecting the content.

There is also the possibility of a work site using a white list/black list approach to control browsing, in which case I don't see any possibility of getting around that other than using your mobile device.

HTH - I also hope someone else has a better explanation.

Re: company blocking ports?

Unread post by GJ51 »

I just did some testing on a site that uses port 8443 at that end. Opening Resource Monitor on my PC and looking at the Network Traffic it reports the browser connecting to the Remote port correctly but using ports 1997 and 2003 on the local side (my PC). Looking at my Advanced Firewall Settings, it does appear that you can enable specific remote ports. So I guess it is possible for a good firewall to restrict access to only particular remote ports, in which case you would have to use 80 or 443 on your Subsonic Server in order to get it onto your desktop at work.

Seems a bit extreme to block all ports but 80 and 443, but I guess it can be done. Looking at my router (obviously not an edge server) it would require making 3 entries. Block 1 - 79 and then 81 - 442, and then 444 - 65535 for all IP addresses. This would then get more complicated if a company had other needs to connect to sites or services that used ports other than 80 or 443. Let's think Skype, email, and anything else that uses other ports here.

I guess there may be some network management tools that could control this in a way that makes it easier, but I haven't seen them.

Google Chrome for instance connects to 173.194.76.125 on port 5222

http://www.herdprotect.com/ip-address-1 ... 6.125.aspx

173.194.76.125
qc-in-f125.1e100.net

IP Address Information
The Internet Service Provider (ISP) that owns the network address of 173.194.76.125 is Google Inc. and located in California within the United States. The IP Address resolves to the DNS record of qc-in-f125.1e100.net. This IP belongs to Google and resides on their public network "1e100.net is a Google-owned domain name used to identify the servers in our network. Most typical Internet users will never see 1e100.net, but we picked a Googley name for it just in case (1e100 is scientific notation for 1 googol)".

It just seems to me that it would be very difficult to know which ports need to be blocked and which need to be open for normal operation.

Compound the problem that background services can use port 80 pretty clandestinely and you have to ask yourself what good does port blocking do. I have a TCP connection amazonaws.com using port 80 that I had no idea was there.

Open Resource Monitor and look at TCP Connections on the Network tab and you'll find all manner of goodies you probably weren't aware of; and I use a lot of preventive measures including MS Security Essentials, Malwarebytes Pro and MVPS hosts file blocker.

So that's all I can find on the topic. I'd love to get some good feedback from someone who knows more about it than I do.
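The remote-port filtering GJ51 describes in the post above can be modelled directly. This is an added example, not part of any post in the thread: `block_ranges`, `Conn` and `egress_verdict` are hypothetical names, and the sample connections are constructed from the ports and hosts mentioned in the thread (the `.invalid` hosts and the local ports other than 1997 and 2003 are made up).

```python
from dataclasses import dataclass

MAX_PORT = 65535

def block_ranges(allowed_ports):
    """Return the (start, end) remote-port ranges a deny rule set must
    cover so that only allowed_ports stay reachable."""
    ranges, start = [], 1
    for port in sorted(set(allowed_ports)):
        if port > start:
            ranges.append((start, port - 1))
        start = port + 1
    if start <= MAX_PORT:
        ranges.append((start, MAX_PORT))
    return ranges

@dataclass
class Conn:
    process: str
    local_port: int    # ephemeral, picked by the client OS
    remote_host: str
    remote_port: int   # the port the server listens on

def egress_verdict(conn, allowed_ports):
    """A port-based egress filter decides on the remote port only;
    the client's local port plays no part in the decision."""
    return "allow" if conn.remote_port in allowed_ports else "block"

# Constructed sample, in the shape of a Resource Monitor TCP list.
SAMPLE = [
    Conn("browser", 1997, "example-site.invalid", 8443),
    Conn("browser", 2003, "example-site.invalid", 8443),
    Conn("browser", 49152, "home-server.invalid", 4040),
    Conn("chrome", 49153, "173.194.76.125", 5222),
    Conn("background", 49154, "amazonaws.com", 80),
    Conn("browser", 49155, "demo.madsonic.org", 80),
]

def evaluate(conns, allowed_ports):
    """Return (process, local_port, remote_port, verdict) per connection."""
    return [(c.process, c.local_port, c.remote_port,
             egress_verdict(c, allowed_ports)) for c in conns]

if __name__ == "__main__":
    allowed = {80, 443}
    print(block_ranges(allowed))   # the three deny entries for 80/443 only
    for row in evaluate(SAMPLE, allowed):
        print(row)
```

Allowing one more service, for example adding 5222 to the allowed set, splits a deny range and adds a fourth entry, which is the bookkeeping growth the post anticipates.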

Re: company blocking ports?

Unread post by gurutech »

Well, I found a workaround....

Download bluetooth drivers from the laptop manufacturer's website and install them (Win7 wouldn't auto-install them as there is a policy in place to never install driver updates...)

Then I connect my phone to the laptop via bluetooth, and stream my music that way...

Re: company blocking ports?

Unread post by gurutech »

Trying this again.... I was able to get to the demo.madsonic.org site with no problems (other than not being able to login), so I'm not sure the issue is with port 4040 itself.

I'm using no-ip.com as my redirector, but I also tried my xxxxxxxxxx.subsonic.org address, which didn't work either.

I've thought about just doing a port forward on my router to go from port 80 on the WAN side to port 4040 on the LAN side, which I know I can do, but not sure it would work. I guess the only way to find out is to test it. The only problem I have is that I don't necessarily want port 80 opened on the WAN side.

Anyone know what port the demo.madsonic.org site uses?

Re: company blocking ports?

Unread post by Madsonic »

Hi there,

I know the problems with ports blocked by a company, I have the same problems. :?
So I decided to redirect the local Madsonic port 4040 through port 80 to get the best compatibility for all.

You are right, the site http://demo.madsonic.org uses port 80. Maybe you have a free open guest WLAN or something else?

Best regards

Re: company blocking ports?

Unread post by asianflavor »

If you want to see what ports are open at your company, go to t1shopper[.]com (Just remove the bracket around the dot, still a newb to post URL). They have an online port scanner. You can plug a range of numbers or a specific port to see what is open. But if you can forward your WAN port 80 to LAN 4040, why not just make it all on port 80. If you are not running an intranet in your local network, that would be the easiest fix to your access problem.

Re: company blocking ports?

Unread post by gurutech »

That was my plan, until I remembered that my ISP blocks port 80 (and 25).

Haven't tested 443 yet, but I'm not sure about certificates, so I think I'm going to stick with what I have now, which is the iSub app on iPad, and Madsonic on Android. I can connect to the company's "guest" wifi with no blocking, and that's how I listen to my music at work. Not ideal, but it works.

Re: company blocking ports?

Unread post by DoCC »

ask a friend of yours to set up an apache proxy ...

proxypass and proxypass reverse ... works like a charm ...

my internal setup looks like this :

<VirtualHost 192.168.2.5:80>
    ServerName music.power-server.at
    ProxyPass / http://192.168.0.3:4040/
    ProxyPassReverse / http://192.168.0.3:4040/
</VirtualHost>

if the apache has the needed mods enabled, you can adjust this as you need.