Accessing web sites that use a TCP port other than 80

[NY]

While I was on a cruise recently, I was using the ship's wifi network
(which gets its backhaul via satellite).

My phone and laptop could access most websites, but not ones which used
a non-standard TCP port (ie not 80).

I've set my router up to use port forwarding, so

WAN_IP:8080 is routed to LAN_IP_1:80
WAN_IP:9981 is routed to LAN_IP_2:80
WAN_IP:8998 is routed to LAN_IP_3:80

I use DDNS to map a network name to the current value of my WAN IP
address, which my ISP changes from time to time.

And any attempt to access WAN_IP:8080 (or any other of the ports that
I'd configured) timed-out.

It looks as if the ship's network configuration was only allowing
traffic to standard ports such as 80 (for web), 25/110/995 (for POP/SMTP
email) and a few others, and blocking everything else.


I ended up connecting to my always-on Raspberry Pi (at home) over VNC
and then using that to access the LAN_IP_n devices (weather station,
PVR, security camera) from within my home LAN. Or else waiting till the
ship was in a port and using my mobile phone's mobile internet. Thank
goodness they allowed VNC access...

Is there anything I could have done differently in my laptop network
configuration such that I could access web sites that didn't use port
80, when their port numbers were (apparently) blocked by the ship's wifi?

[Adrian Caspersz]

On 21/05/2023 01:18, NY wrote:
> While I was on a cruise recently, I was using the ship's wifi network
> (which gets its backhaul via satellite).
>
> My phone and laptop could access most websites, but not ones which used
> a non-standard TCP port (ie not 80).
>
> I've set my router up to use port forwarding, so
>
> WAN_IP:8080 is routed to LAN_IP_1:80
> WAN_IP:9981 is routed to LAN_IP_2:80
> WAN_IP:8998 is routed to LAN_IP_3:80
>
> I use DDNS to map a network name to the current value of my WAN IP
> address, which my ISP changes from time to time.
>

I'd be tempted to just setup OpenVPN on port 80 or 443, and make sure
certificates are in use.

However with costs of that connection, I suspect their on-board
firewalling might be somewhat unfriendly to such usage, especially if I
started busy

If ye are on a cruise, isn't the purpose to be disconnected from the
madness of rest of the world anyway?

Would be mine ... :-)

Side thought, low tech solution.

Have some sort of email to web gateway. Send a mail server a URL, and it
emails back the HTML page and graphics it surfed.

--
Adrian C

[NY]

On 22/05/2023 10:31, Adrian Caspersz wrote:
> If ye are on a cruise, isn't the purpose to be disconnected from the
> madness of rest of the world anyway?
>
> Would be mine ... :-)

Very true. However it's useful to be able to check the security cameras,
schedule new TV programmes to record and check that the freezers are
working OK (*) - all those things have web interfaces to 192.168.1.x:y
which I've mapped to WAN_IP:y on the public side with port-forwarding.

But most of the time we are sight-seeing, admiring the mill-pond-calm
sea in the Baltic (never had such calm sea for any previous cruise) and
generally enjoying ourselves.

I like the idea of mapping to commonly-used ports (eg 25, 110, 995, 443
for various email protocols) so at least they would probably not be
blocked by the ship's firewall.

There's no law that says you have to have (for example) a POP3 listener
on port 110 - you could run HTTP traffic over it. I might do that for
the future. Good lateral thinking, whoever suggested it.

Sod's law that we had a brief power cut while we were away. Everything
restarted fine except for the security cameras which reset themselves to
a default pan/tilt, so I had to go into the web interface to say "go to
pre-defined position 3". I only spotted it because I got a movement
alert emailed to me when the postman came to the door, which is a "can't
happen" situation if the camera is looking inside rather than outside.

The other problem was that after the power cut, one of the Linksys Velop
mesh network nodes failed to connect, and it was the one that had our
Hive heating and Hue lighting hubs connected to it. Nothing I could do
about that. Maybe I should put a smart mains switch on that feed so if
it happens, I can power-cycle the Velop and (maybe) trigger it to
reconnect. Those Velops are a pain in the arse: we have a few devices
that only talk 2.4 GHz so we need 2.4 as well as 5 GHz enabled. But...
the nodes have to spaced for 5 GHz coverage which means their 2.4 GHz
coverage overlaps and they sometimes give up with their auto-channel
negotiation. If only I could run Cat 5 to the nodes - but that would
mean making RJ45-sized holes through ceilings and running cables down
walls. The Velops work brilliantly (very fast, seamless coverage as you
roam around the house) but they are a PIG to get them all reconnected
after a power cut. Maybe it's time to get a few UPSes - one per Velop -
to cover for brief power cuts. We get them from time to time (especially
when trees touch overhead HV cables in the locality. They only last a
second or so - just long enough to make everything reboot :-( The other
excuse that the electricity company came up with last time was "wrong
kind of cows": they reckoned that cows in a field had been using wooden
HV poles as back-scratchers, causing brief outages until switchgear
swapped to another feed.



(*) The freezers themselves aren't internet-enabled, but we monitor the
power consumption as a function of time, using smart plugs, to catch the
case where the freezer runs 24/7 because its coolant has evaporated.
This actually happened with a brand-new freezer after about 3 months -
dodgy weld in a coolant pipe, freezer replaced under warranty.
incredibly we lost almost no food because I spotted it very soon and we
were able to transfer stuff to other freezers. OK, if we'd spotted it
when we were away from home, we couldn't have done anything about it,
other than to ring a neighbour and ask her to pop round and bung stuff
in her freezer.