Firewall Problems
 

Hy I also live beheind a Firewall (University) but I have
Http-tunnel client. I can download with Kazaa but not with Limewire! Can everyone help me!!

Txs

Also can you explain where can i choose the options for Tcp:

"you must open the tcp ports
64512 and 6346-6348
outbound traffic"

Normally you can choose something like 1.00.0.0. or so.

Txs

u said u can download w/ http-tunnel and kazaa. i have both those programs, but i have no idea how to get it to work. i have the same problem w/ school firewall. please help

Haha, same problem!

Can anyone help on how to get around a firewall?
I've tried the force IP address? Does that do anything...

I hate university firewalls, everyone can use Kazaa but not Limewire.

I'm by no means an expert in networking, but I do know some facts that I should explain about port numbers.

A server is a program with an IP address that communicates over a port number. Interestingly, there can only be one instance of each port number on a given server. Higher-level constructs such as socket objects build on this same infrastructure. For that reason, there exists special socket objects that specifically request a dedicated socket for a client. The server is typically listening on one port number, but can create additional port numbers at will.

Limewire is listening, by default on port 6346, but the actual uploading of files takes place on a random port number that isn't reported to you. And if you're behind a firewall, then the firewall blocks requests from he outside to address one of your port numbers directly. The firewall does this by not giving your whole computer an IP address, the way a computer would have an IP address without a firewall. This gives you security in that outside programs can't send instructions to trojan programs on your computer, and outsiders can't access your servers, that are only supposed to make resources available to members of your own LAN.

If your Gnutella Client is behind a firewall, and an outside user wants to download a file, then by default he can't address port number 6346 on your program, and needs to request that your program create a port specifically to communicate with him. Programs behind a firewall can create a channel with its own port number, directed outward through a firewall. But to make your program aware of the request, the other user might have to use what's called a "push", which I am guessing sends his request through your peers. Your connections to your peers also have port numbers.

But if both computers are behind the firewall, the problem becomes that a new connection can't be formed because neither computer can tell the other to call it back.

You can tell the firewall to create a tunnel, which directs all messages intended for a port number to a specific IP address that exists locally, and you can tell the program to force this IP address. If the addreses match, it becomes possible for each program to send a request for a transfer directly to the other one.

Your real problem is that you can't see "if the forced IP address is doing any good." You don't know whether Limewire is receiving requests to this port number in fact. There exists a Windows utility named "Netstat" which is a command that you can type in from the Start Menu Run command. And it will show you if Port 6346 is listening or not. And you will see that it's not a TCP protocoll port. Netstat lists it as a UDP port. And for that reason your Winsock information also doesn't notice it as a server, because it really isn't a permanent server. It's just a transient point of reference.

And I'm sure that even though you've told Limewire to force an IP address, it continues to accept push requests. It doesn't report statistics about how often it receives messages to that port either way. One way to check would be to look at your firewall statistics, to see if there are messages reaching this destination (in my words). My own firewall is a piece of hardware that doesn't give me the same statistics either. The manager of the firewall or the LAN is supposed to look in to that.

Dirk

Creating a socket is a question of the originating program opening a port number (that may as well be random) and instructing it to send a request to the listening port on the receiving program or computer. The receiving port number then hands off the connection to another port number there. If your program is behind a firwewall, then it cannot receive such a request. It can receive a request from a peer to create a socket to your program, but if your program is also behind a firewall, then the communication is layered on top of a system of protocolls that are not able to establish a connection in either direction.

I have never used Tunnel Clients. But there are low-level limits on what a client program can do if the firewall is an effective firewall. I'm guessing that most of you don't run the firewall in question. But if you can't change the behavior of the firewall, then you're limited to these push requests. A University usually doesn't let you configure their firewall, and the low-level process is as I wrote above, no matter what you layer on top of it. One of the two computers must be able to listen. And it can't if there isn't a tunnel to it implimented by the firewall. And a tunnel client program also cannot be listening unless it has a reserved port number with the firewall.

Dirk

(Oops.)

If your question is more precisely why KaaZaa works and Limewire doesn't, from behind a firewall that you don't create holes through yorselves, the simple answer could be that KaaZaa isn't truly serverless. I'm guessing that your Limewire has trouble connecting to its "Ultrapeers" when it starts up, from where it also cannot send a request to the other program (itself behind a firewall) to create a connection back to you. Or to peers through which other programs would ask for a connection to them, because your port is not listening.

With KaaZaa your client connects directly to a server, and this may help you out to start the ball rolling. I can watch as my program starts up, and I have trouble holding on to ultrapeers even though I do create an opening in my own firewall.

Dirk