<title>Firewalls - XBoard</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="XBoard">
-<meta name="generator" content="makeinfo 4.12">
+<meta name="generator" content="makeinfo 4.13">
<link title="Top" rel="start" href="index.html#Top">
<link rel="prev" href="Chess-Servers.html#Chess-Servers" title="Chess Servers">
<link rel="next" href="Environment.html#Environment" title="Environment">
</head>
<body>
<div class="node">
-<p>
<a name="Firewalls"></a>
+<p>
Next: <a rel="next" accesskey="n" href="Environment.html#Environment">Environment</a>,
Previous: <a rel="previous" accesskey="p" href="Chess-Servers.html#Chess-Servers">Chess Servers</a>,
Up: <a rel="up" accesskey="u" href="index.html#Top">Top</a>
<hr>
</div>
-<h2 class="chapter">5 Firewalls</h2>
-
-<p>By default, XBoard communicates with an Internet Chess Server\r
-by opening a TCP socket directly from the machine it is running on\r
-to the ICS. If there is a firewall between your machine and the ICS,\r
-this won't work. Here are some recipes for getting around common\r
-kinds of firewalls using special options to XBoard.\r
-Important: See the paragraph in the below about extra echoes, in\r
-<a href="Limitations.html#Limitations">Limitations</a>.\r
-\r
-Suppose that you can't telnet directly to ICS, but you can telnet\r
-to a firewall host, log in, and then telnet from there to ICS.\r
-Let's say the firewall is called ‘<samp><span class="samp">firewall.example.com</span></samp>’. Set\r
-command-line options as follows:\r
-\r
-<pre class="example"> xboard -ics -icshost firewall.example.com -icsport 23\r
+<h2 class="chapter">6 Firewalls</h2>
+
+<p>By default, XBoard communicates with an Internet Chess Server
+by opening a TCP socket directly from the machine it is running on
+to the ICS. If there is a firewall between your machine and the ICS,
+this won't work. Here are some recipes for getting around common
+kinds of firewalls using special options to XBoard.
+Important: See the paragraph in the below about extra echoes, in
+<a href="Limitations.html#Limitations">Limitations</a>.
+
+ <p>Suppose that you can't telnet directly to ICS, but you can telnet
+to a firewall host, log in, and then telnet from there to ICS.
+Let's say the firewall is called ‘<samp><span class="samp">firewall.example.com</span></samp>’. Set
+command-line options as follows:
+
+<pre class="example"> xboard -ics -icshost firewall.example.com -icsport 23
</pre>
- <p class="noindent">Or in your <samp><span class="file">.Xresources</span></samp> file:\r
-\r
-<pre class="example"> XBoard*internetChessServerHost: firewall.example.com\r
- XBoard*internetChessServerPort: 23\r
+ <p class="noindent">Or in your <samp><span class="file">.Xresources</span></samp> file:
+
+<pre class="example"> XBoard*internetChessServerHost: firewall.example.com
+ XBoard*internetChessServerPort: 23
</pre>
- <p class="noindent">Then when you run XBoard in ICS mode, you will be prompted\r
-to log in to the firewall host. This works because port 23 is the\r
-standard telnet login service. Do so, then telnet to ICS, using a\r
-command like ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’, or whatever command\r
-the firewall provides for telnetting to port 5000.\r
-\r
-If your firewall lets you telnet (or rlogin) to remote hosts but\r
-doesn't let you telnet to port 5000, you may be able to connect to the\r
-chess server on port 23 instead, which is the port the telnet program\r
-uses by default. Some chess servers support this (including\r
-chessclub.com and freechess.org), while some do not.\r
-\r
-If your chess server does not allow connections on port 23 and your\r
-firewall does not allow you to connect to other ports, you may be able\r
-to connect by hopping through another host outside the firewall that\r
-you have an account on. For instance, suppose you have a shell\r
-account at ‘<samp><span class="samp">foo.edu</span></samp>’. Follow the recipe above, but instead of\r
-typing ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’ to the firewall, type\r
-‘<samp><span class="samp">telnet foo.edu</span></samp>’ (or ‘<samp><span class="samp">rlogin foo.edu</span></samp>’), log in there, and\r
-then type ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’.\r
-\r
-Suppose that you can't telnet directly to ICS, but you can use rsh\r
-to run programs on a firewall host, and that host can telnet to ICS.\r
-Let's say the firewall is called ‘<samp><span class="samp">rsh.example.com</span></samp>’. Set\r
-command-line options as follows:\r
-\r
-<pre class="example"> xboard -ics -gateway rsh.example.com -icshost chessclub.com\r
+ <p class="noindent">Then when you run XBoard in ICS mode, you will be prompted
+to log in to the firewall host. This works because port 23 is the
+standard telnet login service. Do so, then telnet to ICS, using a
+command like ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’, or whatever command
+the firewall provides for telnetting to port 5000.
+
+ <p>If your firewall lets you telnet (or rlogin) to remote hosts but
+doesn't let you telnet to port 5000, you may be able to connect to the
+chess server on port 23 instead, which is the port the telnet program
+uses by default. Some chess servers support this (including
+chessclub.com and freechess.org), while some do not.
+
+ <p>If your chess server does not allow connections on port 23 and your
+firewall does not allow you to connect to other ports, you may be able
+to connect by hopping through another host outside the firewall that
+you have an account on. For instance, suppose you have a shell
+account at ‘<samp><span class="samp">foo.edu</span></samp>’. Follow the recipe above, but instead of
+typing ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’ to the firewall, type
+‘<samp><span class="samp">telnet foo.edu</span></samp>’ (or ‘<samp><span class="samp">rlogin foo.edu</span></samp>’), log in there, and
+then type ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’.
+
+ <p>Suppose that you can't telnet directly to ICS, but you can use rsh
+to run programs on a firewall host, and that host can telnet to ICS.
+Let's say the firewall is called ‘<samp><span class="samp">rsh.example.com</span></samp>’. Set
+command-line options as follows:
+
+<pre class="example"> xboard -ics -gateway rsh.example.com -icshost chessclub.com
</pre>
- <p>\r
-Or in your <samp><span class="file">.Xresources</span></samp> file:\r
-\r
-<pre class="example"> XBoard*gateway: rsh.example.com\r
- XBoard*internetChessServerHost: chessclub.com\r
+ <p class="noindent">Or in your <samp><span class="file">.Xresources</span></samp> file:
+
+<pre class="example"> XBoard*gateway: rsh.example.com
+ XBoard*internetChessServerHost: chessclub.com
</pre>
- <p>\r
-Then when you run XBoard in ICS mode, it will connect to\r
-the ICS by using <samp><span class="file">rsh</span></samp> to run the command\r
-‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’ on host ‘<samp><span class="samp">rsh.example.com</span></samp>’.\r
-\r
-Suppose that you can telnet anywhere you want, but you have to\r
-run a special program called <samp><span class="file">ptelnet</span></samp> to do so.\r
-\r
-First, we'll consider the easy case, in which\r
-‘<samp><span class="samp">ptelnet chessclub.com 5000</span></samp>’ gets you to the chess server.\r
-In this case set command line options as follows:\r
-\r
-<pre class="example"> xboard -ics -telnet -telnetProgram ptelnet\r
+ <p>Then when you run XBoard in ICS mode, it will connect to
+the ICS by using <samp><span class="file">rsh</span></samp> to run the command
+‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’ on host ‘<samp><span class="samp">rsh.example.com</span></samp>’.
+
+ <p>Suppose that you can telnet anywhere you want, but you have to
+run a special program called <samp><span class="file">ptelnet</span></samp> to do so.
+
+ <p>First, we'll consider the easy case, in which
+‘<samp><span class="samp">ptelnet chessclub.com 5000</span></samp>’ gets you to the chess server.
+In this case set command line options as follows:
+
+<pre class="example"> xboard -ics -telnet -telnetProgram ptelnet
</pre>
- <p>\r
-Or in your <samp><span class="file">.Xresources</span></samp> file:\r
-\r
-<pre class="example"> XBoard*useTelnet: true\r
- XBoard*telnetProgram: ptelnet\r
+ <p class="noindent">Or in your <samp><span class="file">.Xresources</span></samp> file:
+
+<pre class="example"> XBoard*useTelnet: true
+ XBoard*telnetProgram: ptelnet
</pre>
- <p>\r
-Then when you run XBoard in ICS mode, it will issue the\r
-command ‘<samp><span class="samp">ptelnet chessclub.com 5000</span></samp>’ to connect to the ICS.\r
-\r
-Next, suppose that ‘<samp><span class="samp">ptelnet chessclub.com 5000</span></samp>’ doesn't work;\r
-that is, your <samp><span class="file">ptelnet</span></samp> program doesn't let you connect to\r
-alternative ports. As noted above, your chess server may allow you to\r
-connect on port 23 instead. In that case, just add the option\r
-‘<samp><span class="samp">-icsport ""</span></samp>’ to the above command, or add\r
-‘<samp><span class="samp">XBoard*internetChessServerPort:</span></samp>’ to your <samp><span class="file">.Xresources</span></samp> file.\r
-But if your chess server doesn't let you connect on port 23, you will have\r
-to find some other host outside the firewall and hop through it. For\r
-instance, suppose you have a shell account at ‘<samp><span class="samp">foo.edu</span></samp>’. Set\r
-command line options as follows:\r
-\r
-<pre class="example"> xboard -ics -telnet -telnetProgram ptelnet -icshost foo.edu -icsport ""\r
+ <p class="noindent">Then when you run XBoard in ICS mode, it will issue the
+command ‘<samp><span class="samp">ptelnet chessclub.com 5000</span></samp>’ to connect to the ICS.
+
+ <p>Next, suppose that ‘<samp><span class="samp">ptelnet chessclub.com 5000</span></samp>’ doesn't work;
+that is, your <samp><span class="file">ptelnet</span></samp> program doesn't let you connect to
+alternative ports. As noted above, your chess server may allow you to
+connect on port 23 instead. In that case, just add the option
+‘<samp><span class="samp">-icsport ""</span></samp>’ to the above command, or add
+‘<samp><span class="samp">XBoard*internetChessServerPort:</span></samp>’ to your <samp><span class="file">.Xresources</span></samp> file.
+But if your chess server doesn't let you connect on port 23, you will have
+to find some other host outside the firewall and hop through it. For
+instance, suppose you have a shell account at ‘<samp><span class="samp">foo.edu</span></samp>’. Set
+command line options as follows:
+
+<pre class="example"> xboard -ics -telnet -telnetProgram ptelnet -icshost foo.edu -icsport ""
</pre>
- <p>\r
-Or in your <samp><span class="file">.Xresources</span></samp> file:\r
-\r
-<pre class="example"> XBoard*useTelnet: true\r
- XBoard*telnetProgram: ptelnet\r
- XBoard*internetChessServerHost: foo.edu\r
- XBoard*internetChessServerPort:\r
+ <p class="noindent">Or in your <samp><span class="file">.Xresources</span></samp> file:
+
+<pre class="example"> XBoard*useTelnet: true
+ XBoard*telnetProgram: ptelnet
+ XBoard*internetChessServerHost: foo.edu
+ XBoard*internetChessServerPort:
</pre>
- <p>\r
-Then when you run XBoard in ICS mode, it will issue the\r
-command ‘<samp><span class="samp">ptelnet foo.edu</span></samp>’ to connect to your account at\r
-‘<samp><span class="samp">foo.edu</span></samp>’. Log in there, then type ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’.\r
-\r
-ICC timestamp and FICS timeseal do not work through some\r
-firewalls. You can use them only if your firewall gives a clean TCP\r
-connection with a full 8-bit wide path. If your firewall allows you\r
-to get out only by running a special telnet program, you can't use\r
-timestamp or timeseal across it. But if you have access to a\r
-computer just outside your firewall, and you have much lower netlag\r
-when talking to that computer than to the ICS, it might be worthwhile\r
-running timestamp there. Follow the instructions above for hopping\r
-through a host outside the firewall (foo.edu in the example),\r
-but run timestamp or timeseal on that host instead of telnet.\r
-\r
-Suppose that you have a SOCKS firewall that will give you a clean\r
-8-bit wide TCP connection to the chess server, but only after you\r
-authenticate yourself via the SOCKS protocol. In that case, you could\r
-make a socksified version of XBoard and run that. If you are using\r
-timestamp or timeseal, you will to socksify it, not XBoard; this may\r
-be difficult seeing that ICC and FICS do not provide source code for\r
-these programs. Socksification is beyond the scope of this document,\r
-but see the SOCKS Web site at http://www.socks.permeo.com/.\r
-If you are missing SOCKS, try http://www.funbureau.com/.\r
-\r
+ <p class="noindent">Then when you run XBoard in ICS mode, it will issue the
+command ‘<samp><span class="samp">ptelnet foo.edu</span></samp>’ to connect to your account at
+‘<samp><span class="samp">foo.edu</span></samp>’. Log in there, then type ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’.
+
+ <p>ICC timestamp and FICS timeseal do not work through some
+firewalls. You can use them only if your firewall gives a clean TCP
+connection with a full 8-bit wide path. If your firewall allows you
+to get out only by running a special telnet program, you can't use
+timestamp or timeseal across it. But if you have access to a
+computer just outside your firewall, and you have much lower netlag
+when talking to that computer than to the ICS, it might be worthwhile
+running timestamp there. Follow the instructions above for hopping
+through a host outside the firewall (foo.edu in the example),
+but run timestamp or timeseal on that host instead of telnet.
+
+ <p>Suppose that you have a SOCKS firewall that will give you a clean
+8-bit wide TCP connection to the chess server, but only after you
+authenticate yourself via the SOCKS protocol. In that case, you could
+make a socksified version of XBoard and run that. If you are using
+timestamp or timeseal, you will to socksify it, not XBoard; this may
+be difficult seeing that ICC and FICS do not provide source code for
+these programs. Socksification is beyond the scope of this document,
+but see the SOCKS Web site at http://www.socks.permeo.com/.
+If you are missing SOCKS, try http://www.funbureau.com/.
</body></html>