No way to turn the firewalls of (or modify their configs)

Questions and Answers : Preferences : No way to turn the firewalls of (or modify their configs)
Message board moderation

To post messages, you must log in.

AuthorMessage
Profile Massimo_Orgiazzi

Send message
Joined: 13 Sep 04
Posts: 6
Credit: 15,212
RAC: 0
Italy
Message 946341 - Posted: 10 Nov 2009, 8:47:25 UTC

Hi all, a general question: if I can't turn a series of company firewalls off, but I'd like to get Seti@Home and BOINC on my office computer as a background activity that does not impact at all on the resources usage, being the computer just destined to me, could I maybe have the chance (in any way) to either manually download the workunits and upload them ? I feel that there is no way to change the company firewall restrictions... Many thanks,

Massimo
ID: 946341 · Report as offensive
Profile Jord
Volunteer tester
Avatar

Send message
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 946342 - Posted: 10 Nov 2009, 9:07:09 UTC - in response to Message 946341.  

http://setiathome.berkeley.edu/info.php

Run SETI@home only on authorized computers

Run SETI@home only on computers that you own, or for which you have obtained the owner's permission. Some companies and schools have policies that prohibit using their computers for projects such as SETI@home.



ID: 946342 · Report as offensive
Profile Massimo_Orgiazzi

Send message
Joined: 13 Sep 04
Posts: 6
Credit: 15,212
RAC: 0
Italy
Message 946343 - Posted: 10 Nov 2009, 9:10:47 UTC - in response to Message 946342.  

Yes, but would there be a method that allows a user to download manually a workunit so that he can give it to the software to process it ? I imagine there's not. Many thnaks,
ID: 946343 · Report as offensive
Profile Jord
Volunteer tester
Avatar

Send message
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 946349 - Posted: 10 Nov 2009, 9:29:19 UTC - in response to Message 946343.  

I am not going to help you get fired.
Ask permission of your boss first, then when he gives it, work with the IT department to get past all the firewalls/proxy servers.
ID: 946349 · Report as offensive
Johtaja

Send message
Joined: 17 Aug 99
Posts: 3
Credit: 255,543
RAC: 0
Finland
Message 954695 - Posted: 14 Dec 2009, 12:08:48 UTC

Hi

I ve same problem here. Becouse my company IT politic is bit difficult to change and i really want still run SetiAtHome on work with my own laptop, so i ask if there is any way to connect servers other way than straight via setiathome.berkeley.edu.

My boss has shown green light to my "needs" but i ve not any option to get support from our IT-department, becouse it working in other country :(

So if there is some other way to connect Seti-servers so i ll be happy. Any methods are fine:
- Different (mirrored) server address
- Free proxy/tunnel on internet
- some other way to do connection to Seti-servers...

Thx,
Pietro
ID: 954695 · Report as offensive
OzzFan Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 954697 - Posted: 14 Dec 2009, 13:10:36 UTC - in response to Message 954695.  

If it's your own laptop, why not download the workunits while at home before you go into work? That way you won't have to worry about company firewalls or server mirrors.

Otherwise, there is no other way to connect to the SETI servers unless your company sets up an alternative option for you.
ID: 954697 · Report as offensive
Johtaja

Send message
Joined: 17 Aug 99
Posts: 3
Credit: 255,543
RAC: 0
Finland
Message 954701 - Posted: 14 Dec 2009, 14:02:05 UTC - in response to Message 954697.  

I keep it on work almost full of time, all the cards and wires should stay on it becouse it is on testing use... No sense pick it often to my home..

I m "regular" freelancer nowaday, in fact.

So if there would be any way to connect servers without main/official internet addresses so it will be best solution to my problem. I ve heard that there should be some backports available to normal users too, is this rumour true or not?

I remember times when original SetiATHome apllication allowed this kind of connections straight to other than main servers. But nowaday when we live on BOINC-age, there is only one connection to all users. That suxs :(


Different Youngster,
Pietro

ps. Age is 39 ;)
ID: 954701 · Report as offensive
OzzFan Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 954747 - Posted: 14 Dec 2009, 16:40:11 UTC - in response to Message 954701.  

So if there would be any way to connect servers without main/official internet addresses so it will be best solution to my problem. I ve heard that there should be some backports available to normal users too, is this rumour true or not?


There are no other ports or "backports" available to use. Even if there were, you'd still have to open those ports through your firewall, so you'd be back at square one.

I remember times when original SetiATHome apllication allowed this kind of connections straight to other than main servers.


Those weren't "backports" but instead an open port to an alternate download server. Still, any communication to the servers require opening a TCP or UDP port in your firewall.

In theory, stateful firewalls sense when a packet is outgoing or incoming and will usually allow all outgoing communications. Since the BOINC client is the software that initiates communications from inside your network, and this is classified as outgoing communications, the comms are allowed to continue (even when the server returns comms from the outside). But if the comms are initiated from the outside (therefore an incoming comm), such as if the BOINC servers were to initiate comms (and they do not), then this behavior is blocked by the majority of firewalls.

Most businesses have industrial grade firewalls that block all traffic except that which the IT Admins specifically allow, which is why getting permission and help are so important. They know their network and they know their firewall. Most of the time, they will say "yes" to a request of running software but refuse to help knowing full well that the user will give up trying and forget the idea altogether (I know this as an IT Admin). In the end, this usually allows the Admin to save face without having to look like a Network Nazi, but still enforces a secure network while the ultimate answer is in fact a resounding 'no'.

But nowaday when we live on BOINC-age, there is only one connection to all users. That suxs :(


There is only a single TCP port used, which is all that should be necessary for any program. In the background, round robin DNS or server load balancing should take care of all internet requests without the user having to "specially" configure their machine, which isn't very user-friendly of a way to do things.

This also allows the project to focus on doing scientific work without having to manage communications set up on multiple servers. In that respect, BOINC has been a virtual God-send for the project Administrators.
ID: 954747 · Report as offensive
Johtaja

Send message
Joined: 17 Aug 99
Posts: 3
Credit: 255,543
RAC: 0
Finland
Message 954937 - Posted: 15 Dec 2009, 7:37:23 UTC - in response to Message 954747.  

ok

I believe you :)

And u guessed correct, our company is big "over sea" company. The firewall is "solution" and ofcource it allow that the all normal ports are open. The ports are not the actual problem, but the address is. Address is blocked based on some stupid dictionary that is used in many other companies too.

The IT is other side of globe and we are other, local boss is really open eyes to my ideas but the IT admins are bit harder cases.

I started use the SSH tunnel (yesterday) to my old school and now all go fine.I know that this is not option to all users becouse the tunnels is available only tiny parts of guys who fight with same problem, usually in work where is lot of computing time to spend...

It would be nice if the project will open/collect some list of global proxies or tunnel offerers to one site or some....

Many tricks are still available ;)

Cheers, P
ID: 954937 · Report as offensive
OzzFan Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 954971 - Posted: 15 Dec 2009, 14:36:02 UTC - in response to Message 954937.  

Many tricks are still available ;)


...but that's the point: you shouldn't have to use tricks. If you have to use tricks to use your company's network, then you simply shouldn't do it. Doing so can get you fired, even if you have permission from you boss. A recent school IT Administrator had previous permission from his boss to install SETI on 5,000 computers; a new boss came in and said he didn't have permission and now there might be a lawsuit against him, claiming up to $1.6 million USD in damages.

It's simply not worth it to run SETI on such machines.
ID: 954971 · Report as offensive

Questions and Answers : Preferences : No way to turn the firewalls of (or modify their configs)


 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.