[SATLUG] Blocked ports on college campus

John Pappas j at jvpappas.net
Tue Oct 21 14:35:06 CDT 2008

On Tue, Oct 21, 2008 at 13:14, Samuel Leon <satlug at net153.net> wrote:

> Just recently St. Phillips only allows outgoing connections to destination
> ports 80 and 443 on their public wifi.  So that means no irc, no instant
> messaging, no email, and no SSH.  This can't be!  To my knowledge I only
> have 2 options, ssh or vpn.  I do have one remote server that has a free
> port 80 open so I can get ssh listening on that (to connect with ssh -D) or
> some kind of vpn software.  I am not sure which would be easier.  If I use
> vpn I would like to use ipsec but I don't have to.  I am also afraid that
> with vpn it would have to be tied in with the ip address on my laptop which
> might change subnets depending on which access point I am connected to at
> college.

This may not completely address your issue, but you could use Ulteo or
g.ho.st (http://g.ho.st/?language=en) for an online desktop via http/s
ports, then surf/email/etc from those systems.

I am not surprised that they block SSH.  That port makes it nearly trival to
bypass any perimeter security.  I use it all the time to tunnel to my
personal squid proxy so that I can have unfettered/unmonitored web access.
I usually do not need the other ports, as I try to keep all my services
web-accessible.  If I do need other things, I use SSH to tunnel NX to my
systems, then use the apps from there.

There are several SSL VPNs that could probably limit traffic to 80/443. For
example, OpenVPN can use a HTTP proxy for its work, so that would limit
"last-mile" ports to 80/443.

Good luck!

More information about the SATLUG mailing list