School firewall crap

[m33sb3w]

I hesitate to ask this, but I have had it with my school's wannabe IT department...

I'm trying to get a website up. The school gives space for student pages but the method they have of getting the pages uploaded only works with windows. I talked to someone with UNIT (the IT people here) and told them look, I only run linux but I still want to be able to upload stuff to my account on the school's server. They basically said tough shit, you can't. So I decided to setup apache. I needed some database stuff on one of my pages anyway, so I figured why not. Well, because of the school's firewall no one outside of the school network can see my site. I went back down and said, okay, I can't get any webpages of mine up on your server so I started my own. All of the ports seem blocked and no one outside can see my site. Is there anything you can do for me. Again they blew me off. I talked to a friend who used to work with UNIT and he told me to try some really high ports...definitely about 1024, but he said go into the 10-to-20 thousands. I tried that with no luck. He also told me that out of the 12 guys they have working in UNIT, only 1.5 (one full time, one part time) knows linux. Anyway, this whole situation is total BS. I was hoping someone could suggest a way to punch through or otherwise circumvent the school firewall. I only need one port open (well, maybe a few...I can't secure shell or ftp in from off campus either, which really makes work difficult when I'm at home). The site has nothing shady or illegal on it, nothing like that. Just some stuff about my research that I want to post for people off campus as well as grades for some labs I TA that may need to be viewed from off campus, and some personal stuff about me and my hobbies. Any help would be appreciated.

[chizu]

What is the method they are using for having students put files in their webspace?

[m33sb3w]

What is the method they are using for having students put files in their webspace?

Here's the info page

[joycea]

This looks like it might hold the information you are looking for, http://its.truman.edu/documentation/arg ... olders.stm

[perry]

Looks like IE's "Web Folders" are just MS' way of saying DAV. Ain't no way you'd get em to punch a hole in their firewall for you...

Interestingly enough, Netcraft says www.unit.villanova.edu is running Apache on Solaris 8.

I work my school's housing department doing tech support... We only support OS X and (officially, add 98 unofficially) WinME/2K/XP. Doing Linux support would be a nightmare for us. I had a hard enough time showing my boss how to check an IP address in XP, couldn't imagine teaching them Linux.

[zhenlin]

At least they do OS X... Take it as an opportunity to introduce another *NIX

[m33sb3w]

This looks like it might hold the information you are looking for, http://its.truman.edu/documentation/arg ... olders.stm

Thanks so much...I have no idea how I missed that page when I was scouring the net for info. Thanks again.

[m33sb3w]

Looks like IE's "Web Folders" are just MS' way of saying DAV. Ain't no way you'd get em to punch a hole in their firewall for you...

Interestingly enough, Netcraft says www.unit.villanova.edu is running Apache on Solaris 8.

I work my school's housing department doing tech support... We only support OS X and (officially, add 98 unofficially) WinME/2K/XP. Doing Linux support would be a nightmare for us. I had a hard enough time showing my boss how to check an IP address in XP, couldn't imagine teaching them Linux.

Thing is, there are a few Linux networks that UNIT just took over maintaining here. I'm a student in the astronomy department and up until last summer there was a prof here who kept the UNIX/Linux network up and running. He's very good at what he does. UNIT took over though, and now there is ALWAYS something broken. Programs magically disappear, the Linux boxes (RedHat) are down more than up. We left one on the other day and the department chair came in and said the guy from UNIT told him to make sure people shut down (not just logout mind you) the Linux boxes when they're done. I and a few friends cobbled together a comp from pieces we found around the department and installed Gentoo for a presentation. I don't know the exact uptime, but it's been weeks now. I volunteered to help out another prof who knows enough to administer the network if he would grab control back from UNIT, but UNIT would rather have their interns screw everything up. Just makes me so mad... I am surprised that UNIT's site is running on Solaris. I thought everything they did was on some sort of Novell server or something.

[m33sb3w]

Well, I've tried several applications and every one seems to discover that the server I'm supposed to be uploading my site to is NOT webdav enabled. How funny is that... So anyway, any suggestions about the original question...how can I get people outside the school network to see my apache server and possibly how can I secure shell and ftp in from off campus? Is it possible to get around the firewall at all?

[Mnemia]

Well, I've tried several applications and every one seems to discover that the server I'm supposed to be uploading my site to is NOT webdav enabled. How funny is that... So anyway, any suggestions about the original question...how can I get people outside the school network to see my apache server and possibly how can I secure shell and ftp in from off campus? Is it possible to get around the firewall at all?

Is your firewall a full proxy? If it is and they aren't willing to help you accomplish what you want then you're basically out of luck. If it's just a packet filter of some kind then you may have some success running the apps you mentioned (eg, ssh) by running them on high numbered nonstandard ports. Go to dslreports.org and try using their port scanning tool which can help you to discover what ports are being filtered on their firewall.

[Vancouverite]

Are you asking how to crack your schools firewall? If UNIT is incompetent with Linux then you're probably out of luck and will just have to adapt. I would do some investigating into UNIT's contract with your school to determine it's terms, duration and who at the school deals directly with UNIT management. Possibly they could be leveraged into supporting Linux properly.

[philocipher]

i've used tunneling with a program called PUTTY in order to do the opposite, that is connect to a linux server from behind my school's firewall. However if NAT is used and you dont have a unique ip, then you prolly will not be able to do it backwards. it might be possible to run a sshd on port 443 (secure html) and then get into your box that way. other than that, good luck

[m33sb3w]

i've used tunneling with a program called PUTTY in order to do the opposite, that is connect to a linux server from behind my school's firewall. However if NAT is used and you dont have a unique ip, then you prolly will not be able to do it backwards. it might be possible to run a sshd on port 443 (secure html) and then get into your box that way. other than that, good luck

Hmm...I do have a unique IP...maybe I can give that a try. Thanks.

[ebrostig]

You could emerge davfs2 and it will allow you to mount any of your schools Webfolders as a network drive. Then just copy the files over and your webpage should be good to go.

No need to mess around with your own server et al since I'm almost 100% sure that you will never be able to get anyone from the outside to connect to your internal server. I'm sure your school do not have a class B ip range so it has to do NAT between internal and external IP's, hence it's going to be impossible to get through from the outside.

Erik

[devon]

I'm sure your school do not have a class B ip range so it has to do NAT between internal and external IP's, hence it's going to be impossible to get through from the outside.

Looks like they do.

Code: Select all

$ whois -h whois.arin.net 153.104.6.63

OrgName:    Villanova University
OrgID:      VILLAN
Address:    800 Lancaster Avenue
City:       Villanova
StateProv:  PA
PostalCode: 19085
Country:    US

NetRange:   153.104.0.0 - 153.104.255.255
CIDR:       153.104.0.0/16
NetName:    VILLANOVA
NetHandle:  NET-153-104-0-0-1
Parent:     NET-153-0-0-0-0
NetType:    Direct Assignment
NameServer: NS1.VILLANOVA.EDU
NameServer: QSTPH.BA-DSG.NET
NameServer: NS1.YIPES.COM
Comment:
RegDate:    1989-03-13
Updated:    2002-05-31

TechHandle: ZV26-ARIN
TechName:   Villanova University
TechPhone:  +1-610-519-4400
TechEmail:  hostmaster@villanova.edu

# ARIN WHOIS database, last updated 2003-07-21 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

[ebrostig]

Damn!

What a waste of ip addresses!

Someone should steal them back! The world is running out of IP's. If they only had a minor subrange and used NAT, we could ahve given the remaining address range to others...

Oh well

Erik

[carambola5]

My experience has been with an ISP similar to your UNIT, except all my ports were open until they noticed I had a personal webpage running. Then they started shutting down the ports one by one, until one day they shutdown port 22. That was it. I gave up and immediately terminated my contract.... unfortunately you don't have that luxury. But since you're attending Villanova (a fairly reputable school in my mind) and you can't just switch providers, here's what I suggest:

Climb the ladder. Go complain to someone higher up. This person will always exist, and don't forget that he or she may be computer illiterate and/or completely external to your "UNIT" department. But before you do this, do some research. Find out about other universities and learn what they provide to their students. And when you approach this "superior," know what to say... which is not "Your IT department sucks. Get a new one."

You should talk to the person face-to-face. No emails unless it is to setup an appointment. Dress nicely. Have a presentation in mind. Instead of bringing in huge posterboards generally used for larger audiences, bring in visual representations on standard letter-sized paper. Flow charts and side-by-side comparisons are always good. You may even want to prepare two different approaches: one for a technically competent person and another for a "where's the any key"-type person. Bringing both sets of papers is part of this preparation. And finally, be sure to have a very direct answer if the person asks "What exactly do you want?" Know the exact answer, and back it up with layman's terms if needed. Going the route of the turbo-caller (mentioned in the "We live in a world of idiots" thread) is a bad idea on this part. Don't say "I want you to make it better." Be anything but vague! Also, don't threaten to "expose" the inadequacies of UNIT. You won't gain anything from it.

That's about it. I suggest starting with an appointment with the head UNIT guy. If that doesn't work, just find the next-most important person. You could even ask the head UNIT guy who his superior is at the end if the meeting doesn't go well. Work your way up, mentioning the fact that you have gone through the requisite channels before wanting to meet with <insert person here>.