May 11, 2018 · networking opinion

Stop Blocking Ports!

Recently, I've started doing research at The Hospital for Sick Children. However, I don't have a SickKids username and password, meaning that I can't log in to the WiFi network dedicated for staff. Being stuck on the Guest WiFi means I have severe network limitations. For example, I was surprised when all my email clients were blocked, including iCloud, Exchange, and even my personal email server. Even my VPN wouldn't connect. I initially thought that only ports 80 (HTTP) and 443 (HTTPS) were open, but I quickly found that port 8080 was also open. Thankfully, I had set my router back at home to port forward 22 (SSH) to port 8080. I started up a SOCKS proxy on my machine by connecting to my SSH server back at home:

ssh pi@pi.naut.ca -p 8080 -D 8081

Then open Network Preferences, go to Advanced, and enable the SOCKS Proxy option, with localhost as the server and 8081 as the port.

But I needed a way to automate this, so I created two scripts:

startSOCKS.sh

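#!/usr/bin/env bash
# Stop any tunnel left over from a previous run (matched on its full command line).
pkill -f "ssh pi@pi.naut.ca -p 8080 -D 8081 -Nf"
# Keep the system SOCKS proxy off while the tunnel is down.
networksetup -setsocksfirewallproxystate "Wi-Fi" off
# -D 8081: local SOCKS listener; -N: no remote command; -f: go to background.
# Only turn the proxy back on if the tunnel actually came up.
ssh pi@pi.naut.ca -p 8080 -D 8081 -Nf &&
  networksetup -setsocksfirewallproxystate "Wi-Fi" on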

stopSOCKS.sh

#!/usr/bin/env bash
# Stop the background tunnel, then disable the system SOCKS proxy.
pkill -f "ssh pi@pi.naut.ca -p 8080 -D 8081 -Nf"
networksetup -setsocksfirewallproxystate "Wi-Fi" off

Unfortunately, the Guest WiFi forces users to log back in every hour, so I have to stop and start it multiple times. But it's certainly worth it for letting me access my email and other servers!

Finally, I was curious to see what ports were being blocked. I scanned outgoing ports against portquiz.net, which replies on every port.

Here's my quick and dirty script:

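#!/bin/bash
# Try every outbound TCP port from 1 to 9999 against portquiz.net.
# curl saves the reply as <port>.html for the ports that answer.
for number in {1..9999}
do
  echo "$number"
  curl -s -o "$number.html" "http://portquiz.net:$number" --connect-timeout 2 &
  sleep .05
done
wait   # let the background curl jobs finish
exit 0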

These are the allowed ports in the range 1-9999:

80 (HTTP)
443 (HTTPS)
1723 (PPTP VPN)
4443 (Pharos?)
8080 (Popular Alternative Port)
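
Added example (not part of the original post): the SSH tunnel above got through because the filter decides on port number alone. The script below classifies constructed flow records by their first payload bytes and reports port/protocol mismatches; the record format, `SAMPLE_FLOWS`, the expected-protocol policy and the function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: identify a flow's protocol from its first payload bytes
# instead of trusting the destination port.

# Constructed sample records: "<dst_port> <hex of first payload bytes>"
SAMPLE_FLOWS='80 474554202f20485454502f312e31
443 16030102000100
8080 5353482d322e302d4f70656e5353485f372e36
8080 504f5354202f
1723 009c00011a2b3c4d0001
1723 5353482d322e30'

# Map a hex payload prefix to a protocol name.
classify_payload() {
  local hex
  hex=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  case "$hex" in
    5353482d*) echo ssh ;;                          # "SSH-" version banner
    1603*) echo tls ;;                              # TLS handshake record
    47455420*|504f535420*|4845414420*) echo http ;; # "GET ", "POST ", "HEAD "
    ????????1a2b3c4d*) echo pptp ;;                 # PPTP magic cookie at offset 4
    *) echo unknown ;;
  esac
}

# Protocol expected on each port (assumed policy for the ports listed above).
expected_for_port() {
  case "$1" in
    80|8080) echo http ;;
    443) echo tls ;;
    1723) echo pptp ;;
    *) echo any ;;
  esac
}

# Read flow records on stdin; print one line per port/protocol mismatch.
find_mismatches() {
  local port hex want got
  while read -r port hex; do
    [ -n "$port" ] || continue
    want=$(expected_for_port "$port")
    [ "$want" = any ] && continue
    got=$(classify_payload "$hex")
    [ "$want" = "$got" ] || printf '%s expected=%s observed=%s\n' "$port" "$want" "$got"
  done
}

printf '%s\n' "$SAMPLE_FLOWS" | find_mismatches
```

On the constructed sample this reports the SSH banner seen on port 8080 and on port 1723, while the HTTP, TLS and PPTP flows on their expected ports pass silently.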