Tunneling question
WarrenW
Jun 28th, 2006, 08:57 AM
Hi,
I've been reading a lot about tunneling and http tunneling for security. I recently made a project post on a web site requesting someone to write a tcp central server which a desktop server app I have will connect to and then clients connect through the central server. The purpose for this is to allow the pc server to run their server software without having to set up port forwarding if behind a router. This is because it makes an outgoing connection first that is then used.
Someone replied to me there saying that they use tunneling and no need for a middle server. Maybe there is something I still have to learn about tunneling but if one or both computers that want to connect are behind routers, how can you establish a direct tcp connection between the two?
Thanks
Warren
Al42
Jun 28th, 2006, 04:56 PM
At least one of the routers has to forward the incoming port to the computer that has the program listening on that port. If both computers are running servers, both routers have to forward ports. (Only incoming [unsolicited] connections have to be forwarded.)
rory
Jun 29th, 2006, 12:03 AM
how does skype work behind firewalls .. ?
Al42
Jun 29th, 2006, 01:49 PM
I don't use it, but it doesn't require UPnP (which opens ports automatically, if incorrectly and dangerously)? Or a port opened by the user?
visualAd
Jun 29th, 2006, 03:15 PM
Have a look at the GotomyPc tutorials in my sig. You need not write your own tunneling software. That already exists. You need only have a single server and use an SSH client such as putty to make the connection and handle the port forwarding.
The application using the tunnel would just connect as if it were a normal unsecure connection.
rory
Jun 29th, 2006, 03:26 PM
AL42 .. i just checked and it does use an incoming port .. it must search for open ports .. it has a check mark as 80 and 443 alternatives for incoming connections .. then the main port is a long number in the 40Ks ..
rory
Jun 29th, 2006, 03:28 PM
ill check out putty .. thanks ..
Al42
Jun 29th, 2006, 05:07 PM
AL42 .. i just checked and it does use an incoming port .. it must search for open ports .. it has a check mark as 80 and 443 alternatives for incoming connections .. then the main port is a long number in the 40Ks ..
The question is whether the docs tell you to open the port if you're behind a router, or if it requires a UPnP-capable router. 80 is, of course, http. 443 is ssl. Anything above 1024 is up for grabs. None of them is open for incoming connections by default. (No port is open for incoming connections by default.)
rory
Jun 29th, 2006, 05:16 PM
The question is whether the docs tell you to open the port if you're behind a router, or if it requires a UPnP-capable router. 80 is, of course, http. 443 is ssl. Anything above 1024 is up for grabs. None of them is open for incoming connections by default. (No port is open for incoming connections by default.)
The thing is .. i have 2 firewalls plus the Router .. and i havent opened either of those ports for incoming .. :confused: However Skype.exe is enabled in both firewalls .. Skype doesnt say to forward any ports .. in fact they brag about working behind firewalls .. ;)
Al42
Jul 7th, 2006, 03:34 PM
Easy way - your client and the other client are both talking to a server somewhere - Skype's server. Their server is the only one that needs forwarded ports. Your client only does outbound requests. (You can get inbound data on an outbound request - you do it every time you download a file from the internet.)
rory
Jul 7th, 2006, 03:40 PM
so basically instead of Winsock TCP we need to use IP Protocols ..? Cause downloading from the internet is going through IP Protocols .. or can we still use Winsock .. and use UDP instead or some other method? Also my firewall blocks outgoing ports ... basically id like to know if it has been done before in VB6 ... ill search the forum and google a lil more and see what i find .. thanks for the assist so far ;-)
k1ll3rdr4g0n
Jul 9th, 2006, 02:16 PM
This is the only way that I can think of...
Client blocked by firewall/router ---(connects)--> Skype Servers <--(connected)--- Client X
Instead of the traditional Client to Client model, all the data is relayed through Skype servers. So, this way no client has to port forward on their routers to make the application work properly. Also, port 80 and 443 are open on some routers/firewalls by default (at least they are filtered, but not blocked totally). It is a security risk too if you think about it, because Skype can open their servers to big brother and he can listen to your conversation all he wants....without a warrant I might add :/. Makes you think about the next time you 'call' someone on Skype.
Honestly, I prefer a program called Ventrilo or Teamspeak, for the reason someone hosts it and not by the company who made the VoIP software. Both are way better for slower connection clients. I could use Ventrilo on dial-up and it was crystal clear, but I just couldn't do any web browsing. I tried Skype once and the voice quality was so bad, and I couldn't find anywhere to change the codecs used.
Yes this has been done before, think of IM services, online gaming (not the servers though).
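The relay model described in the posts above (both sides dial out to a server in the middle, which copies bytes between them), as an added example that is not part of any poster's message and is not Skype's code. The loopback address, function names and message strings are assumptions made up for the demonstration; the relay also records what it forwards, to show that it can read everything unless the two ends encrypt between themselves.

```python
import socket
import threading

def pump(src, dst, seen):
    """Copy bytes src -> dst until EOF, recording what passes through the relay."""
    try:
        while (data := src.recv(4096)):
            seen.append(data)          # the relay reads every byte it forwards
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)   # pass the EOF on to the other side
    except OSError:
        pass                           # other side already gone

def run_relay(listener, seen):
    """Accept two connections (both dialled outward by the peers) and bridge them."""
    a, _ = listener.accept()
    b, _ = listener.accept()
    threads = [threading.Thread(target=pump, args=(a, b, seen)),
               threading.Thread(target=pump, args=(b, a, seen))]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    a.close()
    b.close()

def demo():
    """Constructed loopback run: returns (request, reply, bytes seen by relay)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))    # only the relay has a listening port
    listener.listen(2)
    addr = listener.getsockname()
    seen = []
    relay = threading.Thread(target=run_relay, args=(listener, seen))
    relay.start()
    desktop = socket.create_connection(addr)   # "desktop server app": connect() only
    client = socket.create_connection(addr)    # remote client: connect() only
    client.sendall(b"GET status")              # constructed sample message
    request = desktop.recv(4096)
    desktop.sendall(b"status: ok")             # constructed sample reply
    reply = client.recv(4096)
    client.close()
    desktop.close()
    relay.join()
    listener.close()
    return request, reply, b"".join(seen)

if __name__ == "__main__":
    print(demo())
```

In a real deployment only the relay's port needs to be reachable from the internet; if the relay operator is not trusted, the two peers should run their own encrypted session (for example TLS) inside the relayed connection.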
Al42
Jul 12th, 2006, 05:34 PM
so basically instead of Winsock TCP we need to use IP Protocols ..?
Winsock uses IP.
Cause downloading from the internet is going through IP Protocols
Downloading is an OUTGOING request - you make the request to the server. If someone makes the request to your computer it's an incoming request and you have to have the listening port open to the world.
Also my firewall blocks outgoing ports
Evidently not port 80, or you wouldn't have been able to post this. :)
basically id like to know if it has been done before in VB6
Sure - VB6 can listen - if the port it's listening on is open. Whether a program can be an internet server has nothing to do with the program - it has to do with whether an incoming request can get to the program.
rory
Jul 12th, 2006, 05:38 PM
Evidently not port 80, or you wouldn't have been able to post this.
no not port 80 outgoing, but that is IP protocol .. it does block all tcp ports though.
Al42
Jul 13th, 2006, 09:11 AM
Also, port 80 and 443 are open on some routers/firewalls by default (at least they are filtered, but not blocked totally).
I've never seen any router/firewall that forwards any port by default - what address would it forward it to?
It is a security risk too if you think about it, because Skype can open their servers to big brother and he can listen to your conversation all he wants....without a warrant I might add :/. Makes you think about the next time you 'call' someone on Skype.
The telcos can do that too, so the next time you need to have a conversation with someone that you must be guaranteed will remain private, make sure the trees in the woods aren't bugged. :)
Al42
Jul 13th, 2006, 09:12 AM
no not port 80 outgoing, but that is IP protocol .. it does block all tcp ports though.
Most routers block all INCOMING ports (they have to, by the very nature of NAT) but allow all OUTGOING ports, regardless of protocol.