<h2 class="chapter">5 Firewalls</h2>
-<p>By default, XBoard communicates with an Internet Chess Server
-by opening a TCP socket directly from the machine it is running on
-to the ICS. If there is a firewall between your machine and the ICS,
-this won't work. Here are some recipes for getting around common
-kinds of firewalls using special options to XBoard.
-Important: See the paragraph in the below about extra echoes, in
-<a href="Limitations.html#Limitations">Limitations</a>.
-
- <p>Suppose that you can't telnet directly to ICS, but you can telnet
-to a firewall host, log in, and then telnet from there to ICS.
-Let's say the firewall is called ‘<samp><span class="samp">firewall.example.com</span></samp>’. Set
-command-line options as follows:
-
-<pre class="example"> xboard -ics -icshost firewall.example.com -icsport 23
+<p>By default, XBoard communicates with an Internet Chess Server\r
+by opening a TCP socket directly from the machine it is running on\r
+to the ICS. If there is a firewall between your machine and the ICS,\r
+this won't work. Here are some recipes for getting around common\r
+kinds of firewalls using special options to XBoard.\r
+Important: See the paragraph in the below about extra echoes, in\r
+<a href="Limitations.html#Limitations">Limitations</a>.\r
+\r
+Suppose that you can't telnet directly to ICS, but you can telnet\r
+to a firewall host, log in, and then telnet from there to ICS.\r
+Let's say the firewall is called ‘<samp><span class="samp">firewall.example.com</span></samp>’. Set\r
+command-line options as follows:\r
+\r
+<pre class="example"> xboard -ics -icshost firewall.example.com -icsport 23\r
</pre>
- <p class="noindent">Or in your <samp><span class="file">.Xresources</span></samp> file:
-
-<pre class="example"> XBoard*internetChessServerHost: firewall.example.com
- XBoard*internetChessServerPort: 23
+ <p class="noindent">Or in your <samp><span class="file">.Xresources</span></samp> file:\r
+\r
+<pre class="example"> XBoard*internetChessServerHost: firewall.example.com\r
+ XBoard*internetChessServerPort: 23\r
</pre>
- <p class="noindent">Then when you run XBoard in ICS mode, you will be prompted
-to log in to the firewall host. This works because port 23 is the
-standard telnet login service. Do so, then telnet to ICS, using a
-command like ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’, or whatever command
-the firewall provides for telnetting to port 5000.
-
- <p>If your firewall lets you telnet (or rlogin) to remote hosts but
-doesn't let you telnet to port 5000, you may be able to connect to the
-chess server on port 23 instead, which is the port the telnet program
-uses by default. Some chess servers support this (including
-chessclub.com and freechess.org), while some do not.
-
- <p>If your chess server does not allow connections on port 23 and your
-firewall does not allow you to connect to other ports, you may be able
-to connect by hopping through another host outside the firewall that
-you have an account on. For instance, suppose you have a shell
-account at ‘<samp><span class="samp">foo.edu</span></samp>’. Follow the recipe above, but instead of
-typing ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’ to the firewall, type
-‘<samp><span class="samp">telnet foo.edu</span></samp>’ (or ‘<samp><span class="samp">rlogin foo.edu</span></samp>’), log in there, and
-then type ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’.
-
- <p>Suppose that you can't telnet directly to ICS, but you can use rsh
-to run programs on a firewall host, and that host can telnet to ICS.
-Let's say the firewall is called ‘<samp><span class="samp">rsh.example.com</span></samp>’. Set
-command-line options as follows:
-
-<pre class="example"> xboard -ics -gateway rsh.example.com -icshost chessclub.com
+ <p class="noindent">Then when you run XBoard in ICS mode, you will be prompted\r
+to log in to the firewall host. This works because port 23 is the\r
+standard telnet login service. Do so, then telnet to ICS, using a\r
+command like ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’, or whatever command\r
+the firewall provides for telnetting to port 5000.\r
+\r
+If your firewall lets you telnet (or rlogin) to remote hosts but\r
+doesn't let you telnet to port 5000, you may be able to connect to the\r
+chess server on port 23 instead, which is the port the telnet program\r
+uses by default. Some chess servers support this (including\r
+chessclub.com and freechess.org), while some do not.\r
+\r
+If your chess server does not allow connections on port 23 and your\r
+firewall does not allow you to connect to other ports, you may be able\r
+to connect by hopping through another host outside the firewall that\r
+you have an account on. For instance, suppose you have a shell\r
+account at ‘<samp><span class="samp">foo.edu</span></samp>’. Follow the recipe above, but instead of\r
+typing ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’ to the firewall, type\r
+‘<samp><span class="samp">telnet foo.edu</span></samp>’ (or ‘<samp><span class="samp">rlogin foo.edu</span></samp>’), log in there, and\r
+then type ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’.\r
+\r
+Suppose that you can't telnet directly to ICS, but you can use rsh\r
+to run programs on a firewall host, and that host can telnet to ICS.\r
+Let's say the firewall is called ‘<samp><span class="samp">rsh.example.com</span></samp>’. Set\r
+command-line options as follows:\r
+\r
+<pre class="example"> xboard -ics -gateway rsh.example.com -icshost chessclub.com\r
</pre>
- <p class="noindent">Or in your <samp><span class="file">.Xresources</span></samp> file:
-
-<pre class="example"> XBoard*gateway: rsh.example.com
- XBoard*internetChessServerHost: chessclub.com
+ <p>\r
+Or in your <samp><span class="file">.Xresources</span></samp> file:\r
+\r
+<pre class="example"> XBoard*gateway: rsh.example.com\r
+ XBoard*internetChessServerHost: chessclub.com\r
</pre>
- <p>Then when you run XBoard in ICS mode, it will connect to
-the ICS by using <samp><span class="file">rsh</span></samp> to run the command
-‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’ on host ‘<samp><span class="samp">rsh.example.com</span></samp>’.
-
- <p>Suppose that you can telnet anywhere you want, but you have to
-run a special program called <samp><span class="file">ptelnet</span></samp> to do so.
-
- <p>First, we'll consider the easy case, in which
-‘<samp><span class="samp">ptelnet chessclub.com 5000</span></samp>’ gets you to the chess server.
-In this case set command line options as follows:
-
-<pre class="example"> xboard -ics -telnet -telnetProgram ptelnet
+ <p>\r
+Then when you run XBoard in ICS mode, it will connect to\r
+the ICS by using <samp><span class="file">rsh</span></samp> to run the command\r
+‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’ on host ‘<samp><span class="samp">rsh.example.com</span></samp>’.\r
+\r
+Suppose that you can telnet anywhere you want, but you have to\r
+run a special program called <samp><span class="file">ptelnet</span></samp> to do so.\r
+\r
+First, we'll consider the easy case, in which\r
+‘<samp><span class="samp">ptelnet chessclub.com 5000</span></samp>’ gets you to the chess server.\r
+In this case set command line options as follows:\r
+\r
+<pre class="example"> xboard -ics -telnet -telnetProgram ptelnet\r
</pre>
- <p class="noindent">Or in your <samp><span class="file">.Xresources</span></samp> file:
-
-<pre class="example"> XBoard*useTelnet: true
- XBoard*telnetProgram: ptelnet
+ <p>\r
+Or in your <samp><span class="file">.Xresources</span></samp> file:\r
+\r
+<pre class="example"> XBoard*useTelnet: true\r
+ XBoard*telnetProgram: ptelnet\r
</pre>
- <p class="noindent">Then when you run XBoard in ICS mode, it will issue the
-command ‘<samp><span class="samp">ptelnet chessclub.com 5000</span></samp>’ to connect to the ICS.
-
- <p>Next, suppose that ‘<samp><span class="samp">ptelnet chessclub.com 5000</span></samp>’ doesn't work;
-that is, your <samp><span class="file">ptelnet</span></samp> program doesn't let you connect to
-alternative ports. As noted above, your chess server may allow you to
-connect on port 23 instead. In that case, just add the option
-‘<samp><span class="samp">-icsport ""</span></samp>’ to the above command, or add
-‘<samp><span class="samp">XBoard*internetChessServerPort:</span></samp>’ to your <samp><span class="file">.Xresources</span></samp> file.
-But if your chess server doesn't let you connect on port 23, you will have
-to find some other host outside the firewall and hop through it. For
-instance, suppose you have a shell account at ‘<samp><span class="samp">foo.edu</span></samp>’. Set
-command line options as follows:
-
-<pre class="example"> xboard -ics -telnet -telnetProgram ptelnet -icshost foo.edu -icsport ""
+ <p>\r
+Then when you run XBoard in ICS mode, it will issue the\r
+command ‘<samp><span class="samp">ptelnet chessclub.com 5000</span></samp>’ to connect to the ICS.\r
+\r
+Next, suppose that ‘<samp><span class="samp">ptelnet chessclub.com 5000</span></samp>’ doesn't work;\r
+that is, your <samp><span class="file">ptelnet</span></samp> program doesn't let you connect to\r
+alternative ports. As noted above, your chess server may allow you to\r
+connect on port 23 instead. In that case, just add the option\r
+‘<samp><span class="samp">-icsport ""</span></samp>’ to the above command, or add\r
+‘<samp><span class="samp">XBoard*internetChessServerPort:</span></samp>’ to your <samp><span class="file">.Xresources</span></samp> file.\r
+But if your chess server doesn't let you connect on port 23, you will have\r
+to find some other host outside the firewall and hop through it. For\r
+instance, suppose you have a shell account at ‘<samp><span class="samp">foo.edu</span></samp>’. Set\r
+command line options as follows:\r
+\r
+<pre class="example"> xboard -ics -telnet -telnetProgram ptelnet -icshost foo.edu -icsport ""\r
</pre>
- <p class="noindent">Or in your <samp><span class="file">.Xresources</span></samp> file:
-
-<pre class="example"> XBoard*useTelnet: true
- XBoard*telnetProgram: ptelnet
- XBoard*internetChessServerHost: foo.edu
- XBoard*internetChessServerPort:
+ <p>\r
+Or in your <samp><span class="file">.Xresources</span></samp> file:\r
+\r
+<pre class="example"> XBoard*useTelnet: true\r
+ XBoard*telnetProgram: ptelnet\r
+ XBoard*internetChessServerHost: foo.edu\r
+ XBoard*internetChessServerPort:\r
</pre>
- <p class="noindent">Then when you run XBoard in ICS mode, it will issue the
-command ‘<samp><span class="samp">ptelnet foo.edu</span></samp>’ to connect to your account at
-‘<samp><span class="samp">foo.edu</span></samp>’. Log in there, then type ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’.
-
- <p>ICC timestamp and FICS timeseal do not work through some
-firewalls. You can use them only if your firewall gives a clean TCP
-connection with a full 8-bit wide path. If your firewall allows you
-to get out only by running a special telnet program, you can't use
-timestamp or timeseal across it. But if you have access to a
-computer just outside your firewall, and you have much lower netlag
-when talking to that computer than to the ICS, it might be worthwhile
-running timestamp there. Follow the instructions above for hopping
-through a host outside the firewall (foo.edu in the example),
-but run timestamp or timeseal on that host instead of telnet.
-
- <p>Suppose that you have a SOCKS firewall that will give you a clean
-8-bit wide TCP connection to the chess server, but only after you
-authenticate yourself via the SOCKS protocol. In that case, you could
-make a socksified version of XBoard and run that. If you are using
-timestamp or timeseal, you will to socksify it, not XBoard; this may
-be difficult seeing that ICC and FICS do not provide source code for
-these programs. Socksification is beyond the scope of this document,
-but see the SOCKS Web site at http://www.socks.permeo.com/.
-If you are missing SOCKS, try http://www.funbureau.com/.
+ <p>\r
+Then when you run XBoard in ICS mode, it will issue the\r
+command ‘<samp><span class="samp">ptelnet foo.edu</span></samp>’ to connect to your account at\r
+‘<samp><span class="samp">foo.edu</span></samp>’. Log in there, then type ‘<samp><span class="samp">telnet chessclub.com 5000</span></samp>’.\r
+\r
+ICC timestamp and FICS timeseal do not work through some\r
+firewalls. You can use them only if your firewall gives a clean TCP\r
+connection with a full 8-bit wide path. If your firewall allows you\r
+to get out only by running a special telnet program, you can't use\r
+timestamp or timeseal across it. But if you have access to a\r
+computer just outside your firewall, and you have much lower netlag\r
+when talking to that computer than to the ICS, it might be worthwhile\r
+running timestamp there. Follow the instructions above for hopping\r
+through a host outside the firewall (foo.edu in the example),\r
+but run timestamp or timeseal on that host instead of telnet.\r
+\r
+Suppose that you have a SOCKS firewall that will give you a clean\r
+8-bit wide TCP connection to the chess server, but only after you\r
+authenticate yourself via the SOCKS protocol. In that case, you could\r
+make a socksified version of XBoard and run that. If you are using\r
+timestamp or timeseal, you will to socksify it, not XBoard; this may\r
+be difficult seeing that ICC and FICS do not provide source code for\r
+these programs. Socksification is beyond the scope of this document,\r
+but see the SOCKS Web site at http://www.socks.permeo.com/.\r
+If you are missing SOCKS, try http://www.funbureau.com/.\r
+\r
</body></html>