Trying to Host a Minecraft Server behind Company firewall.

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Sparky9292, Oct 12, 2011.

Thread Status:
Not open for further replies.
  1. Sparky9292 macrumors 6502a

    Joined:
    Aug 1, 2004
    #1
    I want to host a Minecraft Server. The problem is that my home upload speed blows (80KB/sec), so not many people could join.

    My company has 7MB/sec upload, so that's a great place for a Minecraft server. The problem is that I can't open any ports in the company's firewall.

    I noticed that Teamviewer/GotoMyPC and similar software work just great and get past the firewall no problem.

    Is there a way to somehow get people to use my home machine as a proxy to connect to the Minecraft server at my company? Maybe some way with SSH?

    Thanks in advance!
     
  2. RalfTheDog macrumors 65816

    RalfTheDog

    Joined:
    Feb 23, 2010
    Location:
    Lagrange Point
    #2
    Using company internet to run a game server?

    Sparky, this is your boss speaking, You are fired!

    PS. If you were to proxy all your traffic through your home computer to the business server, it would be slower than running it directly off of your home server.

    Most companies don't like random software running on their networks. Unless you own the company or are looking for another job, I would think about other solutions.
     
  3. Sparky9292 thread starter macrumors 6502a

    Joined:
    Aug 1, 2004
    #3
    No, the home computer will only serve to connect the machines to the actual server.

    What I need to do is called a Reverse SSH Tunnel.
     
  4. koolraap macrumors newbie

    Joined:
    Oct 12, 2011
    #4
    lecture

    It doesn't sound like a very good idea -- however we don't know your circumstances. Small company where you work for the owner and they guy next to you is the owner's son, no problems. Large company... don't do it. If you do work for a large company I offer this sagely advice:

    If you're smart enough to do this yourself, then you're smart enough not do it at all.

    If you do want to continue down this route, try find out what sort of intrusion detection/monitoring and logging goes on where you work.

    (sorry to sound like a parent. I work in the IT dept, and people do amazing dumb things sometimes. "Hello Fred? Would you mind stopping your bittorrent server immediately? Yes, the one running on your machine. You don't know how it got there? I see. Do you think you can remove it and any media files yourself or should I do that from here?"

    The other classic mistake is to write something stupid in a work email/IM/txt. If it's electronic assume it's logged.)
     
  5. marsmissions macrumors 6502

    marsmissions

    Joined:
    Jan 5, 2010
    Location:
    Washington, US
    #5
    This is what I would do if I hated my job....
     
  6. Sparky9292 thread starter macrumors 6502a

    Joined:
    Aug 1, 2004
    #6
    Yeah but you can't stop me from SSH Tunneling. You'd have to stop all encrypted traffic and it would stop everyone from visiting HTTPS sites.
     
  7. dXTC macrumors 68020

    dXTC

    Joined:
    Oct 30, 2006
    Location:
    Up, up in my studio, studio
    #7
    Don't underestimate your company's IT department. Any worthy network traffic monitor should be able to isolate an unusually heavy-traffic SSH tunnel to a single server, sometimes even a single process. Network/server engineers can then check in the logs which user started the process for documentation purposes, and then kill the process, perhaps going so far as to disable SSH tunnels to that specific server, leaving other secure routes intact.

    In short, it's still a very bad idea, and is most likely prohibited in a corporate IT policy your company most likely had you sign. Find another way to get your Mine on.
     
  8. Consultant macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #8
    No matter what speed your company's connection is, you are still limited by the SLOW home upload speed of (80KB/sec)
     
  9. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #9
    It's still piping all the traffic through your home system. Plus if your home system is then VPN'ed into work, you're double-encrypting the traffic and slowing it down even more.

    This is not a solution.
     
  10. pismobrat macrumors regular

    Joined:
    Aug 13, 2007
    #10
    Can't hold back.

    As an IT Admin I love people like OP. I love putting technology in place to crush their attempts to do silly things like this. Between a fully deployed gatway with IDS, DPI with a host of other NAT/Routing Policies with Application Level Control and features all the way to my Aruba wireless system with WIDS and DPI, crushing attempts like this is so easy.

    Yes I am one of those IT Admins who logs everything but I do provide enough flexibility for the staff who need to do their jobs. But when I have had staff trying to do stupid things on the network I've gotten them fired for not adhearing to company policy and I enjoy that.
     
  11. ezramoore macrumors 6502a

    Joined:
    Mar 20, 2006
    Location:
    Washington State
    #11
    To do this in a corporate environment, and to think that you won't draw the ire of the IT staff and be discovered isn't stupid, it is completely ignorant.

    Doing things like this on network which is actively managed by one group of people means there is no doubt you will be discovered.

    Give it up.

    Pay for better internet at home.
     
  12. Mattie Num Nums macrumors 68030

    Mattie Num Nums

    Joined:
    Mar 5, 2009
    Location:
    USA
    #12
    You will get caught so fast. Info Security peeps get reports daily on BW and usage and when they see some weird port hosting crazy incoming and outgoing connections they will track you down and fire you. Don't do something like this. Not only can you get fired but sued because of the potential security mess you can cause.

    The corporate pipe though would allow more people to use the server though.
     
  13. belvdr, Oct 31, 2011
    Last edited: Oct 31, 2011

    belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #13
    That would be incorrect. If everyone is using SSH tunneling to go through his home machine, then they are limited by the slowest link (his speed at home). For example, if A is the friend, B is the OP's home computer, and C is the OP's work computer, then a tunneled connection wouldn't suddenly go from A -> C. It goes A -- (encrypted) --> B -- (encrypted again over VPN) --> C. Then the return packet is just the opposite.

    Also, I don't know of many information security guys who are worried about bandwidth. At least, none of the companies I visited were concerned. That was the network admin's job. And given they would be limited by the home machine's bandwidth, it likely wouldn't raise any alarms from a bandwidth perspective.

    Now, if the employer have scanners (port and/or application like SCCM) on the network, those would likely reveal either the unauthorized program or port on the work machine. Either way, it's a dumb idea.
     
  14. MacDann macrumors 6502a

    MacDann

    Joined:
    Mar 27, 2007
    Location:
    Can see the end of the Earth from here
    #14
    As a network security professional, I too enjoy folks like this. It gives me motivation for doing my job.

    Not to say I enjoy being punitive, but the gall that some people have, which can often appear as out and out stupidity, just makes it fun to ferret this stuff out. (I am not implying that you are stupid - just that some people I have encountered in my work do things that to many of us would appear to be patently obvious, and therefore, stupid.)

    If your organization is running any sort of IPS or IDS, they'll catch you in short order.

    Sure, I can't see the contents of SSH traffic, but you can bet I can monitor the volume and source/destination. These parameters are enough to cause my IPS to give me a tap on the shoulder so I can look at what's happening in more detail, or even better, start locking things down.

    Unless you're the boss's son or you have the blessing of the management, I would highly discourage you from attempting this. You will get busted.

    MacDann
     
  15. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #15
    You'd see this for sure, as the SSH packets were decrypted at his home PC, encrypted across the Internet, and then decrypted at the VPN endpoint. Makes it even easier to catch. :)
     
  16. jtara macrumors 65816

    Joined:
    Mar 23, 2009
    #16
    Wrong.

    SSH != HTTPS

    They're both encrypted, but encrypted differently, entirely different protocols, different (default) ports, etc.

    Sounds like you know JUST enough to get yourself in trouble. LOL.
     
  17. Detrius macrumors 68000

    Joined:
    Sep 10, 2008
    Location:
    Asheville, NC
  18. blacka4 macrumors 6502

    Joined:
    Sep 28, 2009
    Location:
    Pittsburgh
    #18
    you are an idiot. you will loose your job over this.
     
  19. Les Kern macrumors 68040

    Les Kern

    Joined:
    Apr 26, 2002
    Location:
    Alabama
  20. GoCubsGo macrumors Nehalem

    GoCubsGo

    Joined:
    Feb 19, 2005
    #20
    I'm totally going to follow the OP. The next thread will be: lost my job because my IT department SUCKS.
     
  21. pismobrat macrumors regular

    Joined:
    Aug 13, 2007
    #21
    Ok guys lets wrap this up. This thread is starting to turn into a bleed.


    Admin - Please close this thread.
     
  22. ericrwalker macrumors 68030

    ericrwalker

    Joined:
    Oct 8, 2008
    Location:
    Albany, NY
    #22
    That's tight.
     
  23. Consultant macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #23
    It looks like the MR scolding saved his job, this time.
     
Thread Status:
Not open for further replies.

Share This Page