Travel Technology - Hotel internet...incoming video/audio ports blocked




jcresq
Sep 18, 06, 3:14 pm
Many, probably most, hotel internet services block certain ports (80 and 8080 I think), such that you can't receive certain attachments to email, or live audio or video streaming through certain programs. Does anyone know a way around these blocks? Is there anywhere to find out which ports a particular hotel's service blocks?

Thanks.


redburgundy
Sep 18, 06, 3:18 pm
Webmail should avoid those blocked ports, at least with respect to email attachments.

majorwibi
Sep 18, 06, 4:01 pm
Many, probably most, hotel internet services block certain ports (80 and 8080 I think), such that you can't receive certain attachments to email, or live audio or video streaming through certain programs. Does anyone know a way around these blocks? Is there anywhere to find out which ports a particular hotel's service blocks?

Thanks.

Which hotel blocks port 80?

Blocking port 80 kills basic web browsing functionality. I've stayed at most of the major chains and have never found my basic web browsing capability to be blocked. My access to email (via Outlook) is blocked but that is by my work firewall and not anything the hotels have done.


SpaceBass
Sep 18, 06, 4:26 pm
Which hotel blocks port 80?

Blocking port 80 kills basic web browsing functionality. I've stayed at most of the major chains and have never found my basic web browsing capability to be blocked. My access to email (via Outlook) is blocked but that is by my work firewall and not anything the hotels have done.

I suspect there is some confusion about what is being blocked. Most hotels use NAT. They have one (or a limited number) of public IPs and so they distribute private IPs. As a result they are not redirecting incoming server traffic to any of those private IPs. In other words, you cannot run a web server from inside the hotel and expect anyone to reach it.

When you request a web page (via a server running, typically on port 80) the NAT router remembers that your specific computer asked another specific computer for the page, so when it's returned from the server it allows it back in.

Traffic that gets redirected can sometimes get hung up with NAT, although that's pretty atypical.

They may also have a firewall, which is something that prevents outbound traffic... i.e. doesn't allow you to connect via SSH (port 22) to a server or VPN (various ports). They can also do inbound filtering, although NAT is usually sufficient.

If you are having problems, and you know you can access those kinds of services from home (or elsewhere) try VPN. You can set up a VPN router or server at home, or try a commercial service. Another, and far more geeky, way is to create an SSH tunnel for the traffic. You can use a program such as PuTTY (Windows XP) to encrypt traffic b/t your computer and, say, your home computer. Then your home computer fetches the video, in this case, and delivers it over the encrypted tunnel to you in the hotel... basically this is a single use and port VPN...

That all being said, if you are using a connection at a hotel without a VPN you may really want to consider finding a solution. Using a VPN not only protects your traffic (at least from the eyes of other guests) but basically removes you from the hotel's network, which really protects you against worms and hackers... great idea anytime you are out of the office or home.

-N

nmenaker
Sep 18, 06, 7:13 pm
yeah, it probably isn't port 80, but certainly something else. If you can get there with http, then that protocol is certainly not blocked.

I have both a VPN at home, which I can access, and then the traffic gets routed there, so I know I can always access anything.

Or, you can set up a VPN connection to work, or to home, or sometimes I'll set up a GOTOMYPC or mywebexpc connection, to home. This is a cheap way to do a VPN without DOING VPN.

Sometimes, a proxy server access will get around these things, or a wifi connection server, like the google secure access, which I still sometimes use which routes all traffic THERE, and then securely to the laptop. That works sometimes.

cpx
Sep 18, 06, 8:58 pm
Sometimes some proxy servers may not have capabilities to allow streaming video/audio. If this is the case, try using a direct internet connection. It may just work... not always though.

Solarmoon
Sep 18, 06, 10:05 pm
Does anyone know a way around these blocks? Is there anywhere to find out which ports a particular hotel's service blocks?


The most annoying one is usually the block or redirection of port 25 (outgoing email from your machine when you don't use webmail). They often set up a non-encrypted SMTP relay that they want you to use instead. The reason given for this is ostensibly to block SPAMMERs from using their internet service to connect to thousands of open relays out there.

The only reliable way around these blocks is to use a VPN that takes your packets to your desired SMTP server without the hotel network knowing what they are. The other way is to use webmail to send email. It would be good for desktop email clients to become aware of this hassle and provide a way of allowing the user to use his/her favorite client while communicating using webmail on the backend. But I don't think that functionality is widely out there yet.

There are scanning tools out there that will help you find out what is blocked, etc., but I would recommend against using them since conducting the scan might flag you as a suspicious connection and cause trouble.

nmenaker
Sep 18, 06, 11:31 pm
The most annoying one is usually the block or redirection of port 25 (outgoing email from your machine when you don't use webmail). They often set up a non-encrypted SMTP relay that they want you to use instead.

You can also try different ports. What mail domain do you use?

redburgundy
Sep 19, 06, 1:02 am
The most annoying one is usually the block or redirection of port 25 (outgoing email from your machine when you don't use webmail). They often set up a non-encrypted SMTP relay that they want you to use instead. The reason given for this is ostensibly to block SPAMMERs from using their internet service to connect to thousands of open relays out there.

The biggest problem I have is that some hotels use services that have SMTP servers, but the hotel staff doesn't know the SMTP server name or address. So sometimes my SMTP server software will work (PostCast Server) but sometimes it won't.

jcresq
Sep 19, 06, 9:22 am
Which hotel blocks port 80?

Blocking port 80 kills basic web browsing functionality. I've stayed at most of the major chains and have never found my basic web browsing capability to be blocked. My access to email (via Outlook) is blocked but that is by my work firewall and not anything the hotels have done.

Here is an excerpt from Wayport's FAQ. I may have mischaracterized it:

Does Wayport block any specific types of traffic?

Due to the proliferation of viruses, worms and other malicious activity on the Internet, we block specific ports to increase the security of our network. Specifically, TCP traffic is blocked on ports 80 (inbound), 135 (inbound), 137, 138, 139, 445 and 8053. UDP traffic is blocked on ports 1434, 8053, 8083 and 8084. We regularly update our firewalls to address new and pressing security issues.

nmenaker
Sep 19, 06, 11:26 am
Here is an excerpt from Wayport's FAQ. I may have mischaracterized it:

Does Wayport block any specific types of traffic?

Due to the proliferation of viruses, worms and other malicious activity on the Internet, we block specific ports to increase the security of our network. Specifically, TCP traffic is blocked on ports 80 (inbound), 135 (inbound), 137, 138, 139, 445 and 8053. UDP traffic is blocked on ports 1434, 8053, 8083 and 8084. We regularly update our firewalls to address new and pressing security issues.


But I think you'll find HTTP traffic is not blocked.

anotherbrian
Sep 21, 06, 12:56 am
Here is an excerpt from Wayport's FAQ. I may have mischaracterized it:

Does Wayport block any specific types of traffic?

Due to the proliferation of viruses, worms and other malicious activity on the Internet, we block specific ports to increase the security of our network. Specifically, TCP traffic is blocked on ports 80 (inbound), 135 (inbound), 137, 138, 139, 445 and 8053. UDP traffic is blocked on ports 1434, 8053, 8083 and 8084. We regularly update our firewalls to address new and pressing security issues.

Blocking port 80 "inbound" will prevent a hotel guest from running a web server, rather than prevent a hotel guest from accessing an external web server. When your browser makes a connection to an external port 80, your outgoing port is something completely different.

Port 135 is Microsoft's RPC service, so blocking inbound traffic is likely there to protect guests machines. 137-139 and 445 are NetBIOS, so again likely protecting the guests machine from external access (or preventing them from hosting a server).

I've had all sorts of trouble connecting to my Slingbox remotely from hotels [no probs when using T-Mobile from Starbucks, RCC's, etc.], and still don't know if it is hotel NAT, firewall, or timing issues. I've found I can tunnel it through a VPN connection at work most of the time (depending on which VPN gateway I connect to, as their configurations differ), though the performance isn't nearly as good as direct.
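The inbound/outbound distinction explained in the post above, as an added example that is not part of the original thread: a toy NAT gateway applying the Wayport block list quoted earlier. The `Gateway` model, the addresses and the reading that ports listed without "(inbound)" are filtered in both directions are assumptions.

```python
from dataclasses import dataclass, field

# Block list transcribed from the Wayport FAQ excerpt quoted in the thread.
# Assumption: ports listed without "(inbound)" are filtered in both directions.
BLOCKED = {
    ("tcp", "in"): {80, 135, 137, 138, 139, 445, 8053},
    ("tcp", "out"): {137, 138, 139, 445, 8053},
    ("udp", "in"): {1434, 8053, 8083, 8084},
    ("udp", "out"): {1434, 8053, 8083, 8084},
}


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Gateway:
    """Toy NAT gateway with a destination-port filter (hypothetical model)."""
    public_ip: str
    next_port: int = 40000
    # (proto, public port, remote ip, remote port) -> (guest ip, guest port)
    flows: dict = field(default_factory=dict)

    def outbound(self, pkt):
        """Guest to internet: returns the translated packet, or None if filtered."""
        if pkt.dport in BLOCKED[(pkt.proto, "out")]:
            return None
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.flows[(pkt.proto, public_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(pkt.proto, self.public_ip, public_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Internet to gateway: forward replies to known flows, drop the rest."""
        guest = self.flows.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if guest is not None:
            return ("forward", Packet(pkt.proto, pkt.src, pkt.sport, *guest))
        if pkt.dport in BLOCKED[(pkt.proto, "in")]:
            return ("drop", "blocked inbound port")
        return ("drop", "no NAT mapping")


def demo():
    # Constructed addresses from documentation ranges; not from the thread.
    gw = Gateway("203.0.113.10")
    guest, web, stranger = "10.0.0.23", "198.51.100.7", "198.51.100.99"
    request = gw.outbound(Packet("tcp", guest, 51515, web, 80))
    return {
        "browse_out": request,
        "browse_reply": gw.inbound(Packet("tcp", web, 80, gw.public_ip, request.sport)),
        "host_web_server": gw.inbound(Packet("tcp", stranger, 40211, gw.public_ip, 80)),
        "host_on_8080": gw.inbound(Packet("tcp", stranger, 40211, gw.public_ip, 8080)),
        "smb_out": gw.outbound(Packet("tcp", guest, 51516, web, 445)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} {result}")
```

The reply to the guest's web request arrives with source port 80 but a high destination port, so the "80 (inbound)" rule never matches it; an unsolicited connection to port 8080 is dropped by NAT alone even though no rule names that port.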

nmenaker
Sep 21, 06, 7:39 am
I've had all sorts of trouble connecting to my Slingbox remotely from hotels [no probs when using T-Mobile from Starbucks, RCC's, etc.], and still don't know if it is hotel NAT, firewall, or timing issues. I've found I can tunnel it through a VPN connection at work most of the time (depending on which VPN gateway I connect to, as their configurations differ), though the performance isn't nearly as good as direct.

Put your Slingbox on port 443. I have had no problems since then. Firewalls at work locations, hotels, etc.

anotherbrian
Sep 21, 06, 12:06 pm
Put your Slingbox on port 443. I have had no problems since then. Firewalls at work locations, hotels, etc.

I use AOL's instant messenger port (5190?).

My small town cable company blocks 80, 443, and all the other well known services/ports (telnet, ftp, ssh) for their home user level of service. Fortunately my work's outgoing firewall rules are published, and I've been able to find a few ports that will work for both (all instant messaging related).

[going deeper into the technical:] I have found that our VPN gateways (we've got at least two dozen around the world) aren't configured consistently, and some will forward traffic into the intranet and out the firewalls, while others will leave it all outside with fewer restrictions.

SpaceBass
Sep 21, 06, 1:04 pm
I use AOL's instant messenger port (5190?).

My small town cable company blocks 80, 443, and all the other well known services/ports (telnet, ftp, ssh) for their home user level of service. Fortunately my work's outgoing firewall rules are published, and I've been able to find a few ports that will work for both (all instant messaging related).

[going deeper into the technical:] I have found that our VPN gateways (we've got at least two dozen around the world) aren't configured consistently, and some will forward traffic into the intranet and out the firewalls, while others will leave it all outside with fewer restrictions.

What about setting up your own VPN at home? it would allow you to get around any ports that your ISP blocks (and shame on them for doing it!).

SSH tunnels are another (geekier) way to get around stuff like that.

anotherbrian
Sep 21, 06, 4:21 pm
What about setting up your own VPN at home? it would allow you to get around any ports that your ISP blocks (and shame on them for doing it!).

I don't want to become an IT manager. At one time I was running a Linux server so I could host family photos, run a home automation system, and run a dynamic DNS update daemon. It ran for a few years before the ISP started blocking ports, and at that point I couldn't remember how to manage any of it, and turned the machine off.

The network was ultimately running on two hacked HP Digital Entertainment Centers (DE200C: http://www.robertwrose.com/dec/) which was fun to get going, but not so interesting to maintain.

I recently replaced an old router and access point with a combined Netgear VPN router/AP, thinking a VPN appliance would be a lot easier than setting up FreeS/WAN on a box. I didn't realize I had to buy the client software separately, and I've ignored it since.

alanh
Sep 21, 06, 4:41 pm
Some places are really restrictive. The free WiFi at my car dealer blocks everything except outbound port 80 (http) and 443 (https). No SSH, no VPN, no nothing.

SpaceBass
Sep 21, 06, 9:34 pm
I recently replaced an old router and access point with a combined Netgear VPN router/AP, thinking a VPN appliance would be a lot easier than setting up FreeS/WAN on a box. I didn't realize I had to buy the client software separately, and I've ignored it since.

If it's not for you, then don't do it. But it is a solution to blocked ports...
I guess, either live with blocked ports, or find a way around them :D

I can appreciate the sentiment... I don't work in IT and when I'm at home, at times, I feel like a sysop, which is a pain... other times it's rewarding.
For instance, I've stopped hosting my web server... paying $50 a year is just easier... but running my own VoIP server is priceless... I just enjoy it (when it works).

The VPN thing works the same way... knock on wood... my Windows 2003 domain controllers are very reliable and one is a VPN gateway... as is my BSD router... when they are running (like I said, knock on wood b/c they are like 99% up) they are great... but I can see how a Netgear box would be a good idea too.

Have you looked into 3rd party IPsec clients? Most of those VPN routers use a standard that either MS IPsec services (separate free download from MS) or any (i.e. OpenVPN or Cisco) client can connect to.

kgord
Apr 14, 07, 11:24 am
What about setting up your own VPN at home? it would allow you to get around any ports that your ISP blocks (and shame on them for doing it!).

SSH tunnels are another (geekier) way to get around stuff like that.

I'm not a VPN administrator. I'm a finance guy. I don't want to trust my ongoing access to my email, etc. to an amateur VPN administrator, even if the amateur is me.

Global_Hi_Flyer
May 9, 07, 1:38 pm
I'm currently staying at a TownePlace Suites with Stayonline service.

VPN is blocked entirely (spent an hour on the phone with tech support that first told me that Zonealarm was the problem and that I should NEVER run a firewall on their system, and then told me that the problem was that the outbound pipe didn't have enough capacity and I needed to wait until someone else stopped using their computer).

Exchange webmail doesn't work from their network, either, it continually & repeatedly brings up the username/password box and finally says "access denied". They had no answer for that.

Both work fine from dialup, wireless hotspots, and every other hotel I've stayed in.

I see why it's free at this hotel - it's totally useless.

SpaceBass
May 9, 07, 2:52 pm
If anyone suggested that I not run a firewall on their network, I'd be tempted to laugh in their face. I'd have to buffer that with the understanding that it's just a guy doing their job and probably reading a script... still... that's a really bad thing to say.

The only solution I've found for those situations is SSH. I have a box with SSH running at home that answers on port 443 (which is typically for secure web, https). Since it's almost never blocked, it works... but it's not an ideal solution at all.

I think you're right, you get what you pay for :D

As for Exchange, that doesn't make a lot of sense. Assuming your OWA server is using HTTPS then the entire thing either makes it or it doesn't... if you are being prompted, it should work fine. Is there a chance your user is locked out from repeated attempts? That being said, I've seen firewalls do some strange things...

Global_Hi_Flyer
May 9, 07, 7:08 pm
I think you're right, you get what you pay for :D

As for Exchange, that doesn't make a lot of sense. Assuming your OWA server is using HTTPS then the entire thing either makes it or it doesn't... if you are being prompted, it should work fine. Is there a chance your user is locked out from repeated attempts? That being said, I've seen firewalls do some strange things...

It should, but it continues to return the prompt. Over and over until it finally gives the "permission" error. Sometimes I get as far as showing the folder list, but I can never see the items in the folders.

It's only happening on this one network, so either they're blocking something or they've got something configured wrong. (The conspiracy nut would say they only want to handle unencrypted traffic, but I don't think that's the case). The hotel is about to lose my future business.

I'll probably do SSH and set up a Linux/BSD box at home as a router. Assuming, of course, that SSH isn't blocked here, too.

kgord
May 14, 07, 12:21 pm
A solution being offered by http://www.loapowertools.com overcomes the Port 25 problem for outbound email (and the related problem created when your ISP won't let you relay from outside their network) securely, without a VPN. A VPN is more complex than necessary just for email. The LoaPowertools solution is still in beta, but you can sign up for the beta.

SpaceBass
May 14, 07, 1:37 pm
I just cannot stress the value of a VPN enough. I totally understand the reluctance about running a server, etc... but there are 3rd party VPNs out there. VPNs provide a lot more than a way to get around blocked ports. Most notably, when configured correctly, they effectively remove you from the hotel's LAN (which you share with every guest) and protect your traffic from prying eyes. I know it's not always a popular stance, but personally I won't ever surf outside of my LAN without a VPN connection either back to my network or to my work network.

Loren Pechtel
May 14, 07, 3:11 pm
If anyone suggested that I not run a firewall on their network, I'd be tempted to laugh in their face. I'd have to buffer that with the understanding that it's just a guy doing their job and probably reading a script... still... that's a really bad thing to say.

Yeah--I've seen one guy run a laptop on a hotel wireless without a firewall and with outdated AV.

It had to be wiped and reinstalled.

Zarf4
May 15, 07, 11:10 am
I just cannot stress the value of a VPN enough. I totally understand the reluctance about running a server, etc...

I agree completely with SpaceBass about *always* using a VPN when traveling and how daunting it can be running your own server, but there might be a bit of middle ground for those with some computer knowledge.

Before I decided to run my own Linux servers I just was running a regular old XP desktop with a cable modem. I installed OpenVPN and configured it to run on port 443 to bypass hotel port blocking. Before traveling just start the application, open the port in the router and you have a pretty easy way to safely access the internet from the road. Upon return, just reboot the machine, block the port in the router and everything is back to normal.

No Linux or server knowledge required, just download the software w/GUI (http://openvpn.se), install on desktop & laptop, follow their install help to create certificates, keys, and config files, enable port on router/firewall, run dyndns (if necessary) and you're done. One caveat is whether your home ISP blocks incoming ports, some block 443, but you can usually find one that works...1194, 8080, etc.

I know there are always security risks making your machine visible, but they are pretty minimal compared to the risks of using an insecure hotel network.

SpaceBass
May 15, 07, 12:57 pm
Before I decided to run my own Linux servers I just was running a regular old XP desktop with a cable modem. I installed OpenVPN and configured it to run on port 443 to bypass hotel port blocking.

I think that's a great solution!

OpenVPN can be tricky but with the right guide it can be a snap. There are also some consumer or SoHo routers that will accept incoming VPN connections, although I understand they are tricky to configure and not all of them relay traffic back out through the remote gateway.

Global_Hi_Flyer
May 15, 07, 3:29 pm
I think that's a great solution!

OpenVPN can be tricky but with the right guide it can be a snap. There are also some consumer or SoHo routers that will accept incoming VPN connections, although I understand they are tricky to configure and not all of them relay traffic back out through the remote gateway.

If you have a static IP, a Netgear FVS-114 will work as a VPN endpoint. Not hard to configure, but you'll need client software (try Greenbow). While I've had my share of trouble with other Netgear stuff, the 114 has worked well. If you shop for refurbs online, you can pick one up for $30-$35.

I solved my hotel issues by getting a Sprint broadband wireless card. As fast, if not faster, than the hotel connection, and flawless with the VPN and Exchange webmail.


