Trying to Host a Minecraft Server behind Company firewall.

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Sparky9292, Oct 12, 2011.

Thread Status:
Not open for further replies.
  1. Sparky9292 macrumors 6502a

    Aug 1, 2004
    I want to host a Minecraft Server. The problem is that my home upload speed blows (80KB/sec), so not many people could join.

    My company has 7MB/sec upload, so that's a great place for a Minecraft server. The problem is that I can't open any ports in the company's firewall.

    I noticed that Teamviewer/GotoMyPC and similar software work just great and get past the firewall no problem.

    Is there a way to somehow get people to use my home machine as a proxy to connect to the Minecraft server at my company? Maybe some way with SSH?

    Thanks in advance!
  2. RalfTheDog macrumors 65816


    Feb 23, 2010
    Lagrange Point
    Using company internet to run a game server?

    Sparky, this is your boss speaking, You are fired!

    PS. If you were to proxy all your traffic through your home computer to the business server, it would be slower than running it directly off of your home server.

    Most companies don't like random software running on their networks. Unless you own the company or are looking for another job, I would think about other solutions.
  3. Sparky9292 thread starter macrumors 6502a

    Aug 1, 2004
    No, the home computer will only serve to connect the machines to the actual server.

    What I need to do is called a Reverse SSH Tunnel.
  4. koolraap macrumors newbie

    Oct 12, 2011

    It doesn't sound like a very good idea -- however we don't know your circumstances. Small company where you work for the owner and they guy next to you is the owner's son, no problems. Large company... don't do it. If you do work for a large company I offer this sagely advice:

    If you're smart enough to do this yourself, then you're smart enough not do it at all.

    If you do want to continue down this route, try find out what sort of intrusion detection/monitoring and logging goes on where you work.

    (sorry to sound like a parent. I work in the IT dept, and people do amazing dumb things sometimes. "Hello Fred? Would you mind stopping your bittorrent server immediately? Yes, the one running on your machine. You don't know how it got there? I see. Do you think you can remove it and any media files yourself or should I do that from here?"

    The other classic mistake is to write something stupid in a work email/IM/txt. If it's electronic assume it's logged.)
  5. marsmissions macrumors 6502


    Jan 5, 2010
    Washington, US
    This is what I would do if I hated my job....
  6. Sparky9292 thread starter macrumors 6502a

    Aug 1, 2004
    Yeah but you can't stop me from SSH Tunneling. You'd have to stop all encrypted traffic and it would stop everyone from visiting HTTPS sites.
  7. dXTC macrumors 68020


    Oct 30, 2006
    Up, up in my studio, studio
    Don't underestimate your company's IT department. Any worthy network traffic monitor should be able to isolate an unusually heavy-traffic SSH tunnel to a single server, sometimes even a single process. Network/server engineers can then check in the logs which user started the process for documentation purposes, and then kill the process, perhaps going so far as to disable SSH tunnels to that specific server, leaving other secure routes intact.

    In short, it's still a very bad idea, and is most likely prohibited in a corporate IT policy your company most likely had you sign. Find another way to get your Mine on.
  8. Consultant macrumors G5


    Jun 27, 2007
    No matter what speed your company's connection is, you are still limited by the SLOW home upload speed of (80KB/sec)
  9. belvdr macrumors 603

    Aug 15, 2005
    It's still piping all the traffic through your home system. Plus if your home system is then VPN'ed into work, you're double-encrypting the traffic and slowing it down even more.

    This is not a solution.
  10. pismobrat macrumors regular

    Aug 13, 2007
    Can't hold back.

    As an IT Admin I love people like OP. I love putting technology in place to crush their attempts to do silly things like this. Between a fully deployed gatway with IDS, DPI with a host of other NAT/Routing Policies with Application Level Control and features all the way to my Aruba wireless system with WIDS and DPI, crushing attempts like this is so easy.

    Yes I am one of those IT Admins who logs everything but I do provide enough flexibility for the staff who need to do their jobs. But when I have had staff trying to do stupid things on the network I've gotten them fired for not adhearing to company policy and I enjoy that.
  11. ezramoore macrumors 6502a

    Mar 20, 2006
    Washington State
    To do this in a corporate environment, and to think that you won't draw the ire of the IT staff and be discovered isn't stupid, it is completely ignorant.

    Doing things like this on network which is actively managed by one group of people means there is no doubt you will be discovered.

    Give it up.

    Pay for better internet at home.
  12. Mattie Num Nums macrumors 68030

    Mattie Num Nums

    Mar 5, 2009
    You will get caught so fast. Info Security peeps get reports daily on BW and usage and when they see some weird port hosting crazy incoming and outgoing connections they will track you down and fire you. Don't do something like this. Not only can you get fired but sued because of the potential security mess you can cause.

    The corporate pipe though would allow more people to use the server though.
  13. belvdr, Oct 31, 2011
    Last edited: Oct 31, 2011

    belvdr macrumors 603

    Aug 15, 2005
    That would be incorrect. If everyone is using SSH tunneling to go through his home machine, then they are limited by the slowest link (his speed at home). For example, if A is the friend, B is the OP's home computer, and C is the OP's work computer, then a tunneled connection wouldn't suddenly go from A -> C. It goes A -- (encrypted) --> B -- (encrypted again over VPN) --> C. Then the return packet is just the opposite.

    Also, I don't know of many information security guys who are worried about bandwidth. At least, none of the companies I visited were concerned. That was the network admin's job. And given they would be limited by the home machine's bandwidth, it likely wouldn't raise any alarms from a bandwidth perspective.

    Now, if the employer have scanners (port and/or application like SCCM) on the network, those would likely reveal either the unauthorized program or port on the work machine. Either way, it's a dumb idea.
  14. MacDann macrumors 6502a


    Mar 27, 2007
    Can see the end of the Earth from here
    As a network security professional, I too enjoy folks like this. It gives me motivation for doing my job.

    Not to say I enjoy being punitive, but the gall that some people have, which can often appear as out and out stupidity, just makes it fun to ferret this stuff out. (I am not implying that you are stupid - just that some people I have encountered in my work do things that to many of us would appear to be patently obvious, and therefore, stupid.)

    If your organization is running any sort of IPS or IDS, they'll catch you in short order.

    Sure, I can't see the contents of SSH traffic, but you can bet I can monitor the volume and source/destination. These parameters are enough to cause my IPS to give me a tap on the shoulder so I can look at what's happening in more detail, or even better, start locking things down.

    Unless you're the boss's son or you have the blessing of the management, I would highly discourage you from attempting this. You will get busted.

  15. belvdr macrumors 603

    Aug 15, 2005
    You'd see this for sure, as the SSH packets were decrypted at his home PC, encrypted across the Internet, and then decrypted at the VPN endpoint. Makes it even easier to catch. :)
  16. jtara macrumors 65816

    Mar 23, 2009

    SSH != HTTPS

    They're both encrypted, but encrypted differently, entirely different protocols, different (default) ports, etc.

    Sounds like you know JUST enough to get yourself in trouble. LOL.
  17. Detrius macrumors 68000

    Sep 10, 2008
    Asheville, NC
  18. blacka4 macrumors 6502

    Sep 28, 2009
    you are an idiot. you will loose your job over this.
  19. Les Kern macrumors 68040

    Les Kern

    Apr 26, 2002
  20. GoCubsGo macrumors Nehalem


    Feb 19, 2005
    I'm totally going to follow the OP. The next thread will be: lost my job because my IT department SUCKS.
  21. pismobrat macrumors regular

    Aug 13, 2007
    Ok guys lets wrap this up. This thread is starting to turn into a bleed.

    Admin - Please close this thread.
  22. ericrwalker macrumors 68030


    Oct 8, 2008
    Albany, NY
    That's tight.
  23. Consultant macrumors G5


    Jun 27, 2007
    It looks like the MR scolding saved his job, this time.
Thread Status:
Not open for further replies.

Share This Page