Author: Dann Corbit
Date: 20:22:26 08/08/02
Go up one level in this thread
On August 08, 2002 at 23:12:04, boyons wrote:
>I remember last time I posted a similar message seeking help. I tried some
>advice but to no avail.
>
>I connect to the internet through http proxy server (LAN with firewall). Tried
>to connect several internet servers (yahoo chess games, chess-net, playsite,
>kasparovchess etc...) but the following error messages come out instead:
>
>"You are not connected to the internet"
>"You are behind firewall"
>or the screen just freeze
>
>Tried to telnet chess.net. Seems working but I did not like the text interface.
>Appreciate if any expert out there lend their hands to let me enjoy playing
>online games.
From the Winboard help file:
FIREWALLS
By default, "WinBoard /ics" communicates with an Internet Chess Server by
opening a TCP socket directly from the machine it is running on to the ICS. If
there is a firewall between your machine and the ICS, this won't work. Here are
some recipes for getting around common kinds of firewalls using special options
to WinBoard. Important: See the paragraph in the LIMITATIONS section below about
extra echoes.
Suppose that you can't telnet directly to ICS, but you can telnet to a firewall
host, log in, and then telnet from there to ICS. Let's say the firewall is
called fire.wall.com. Set command-line options as follows:
WinBoard -ics -icshost fire.wall.com -icsport 23
Then when you run WinBoard in ICS mode, you will be prompted to log in to the
firewall host. (This works because port 23 is the standard telnet login
service.) Do so, then telnet to ICS, using a command like "telnet chessclub.com
5000", or whatever command the firewall provides for telnetting to port 5000.
If your firewall lets you telnet (or rlogin) to remote hosts, but doesn't let
you telnet to port 5000, you will have to find some other host outside the
firewall that does let you do this, and hop through it. For instance, suppose
you have an account at foo.edu. Follow the recipe above, but instead of typing
"telnet chessclub.com 5000" to the firewall, type "telnet foo.edu" (or "rlogin
foo.edu"), log in there, and then type "telnet chessclub.com 5000".
Exception: chessclub.com itself lets you connect to the chess server on the
default telnet port (23), which is what you get if you don’t specify a port to
the telnet program. But the other chess servers don’t allow this.
Suppose that you can't telnet directly to ICS, but you can use rsh to run
programs on a firewall host, and that host can telnet to ICS. Let's say the
firewall is called rsh.wall.com. Set command-line options as follows:
WinBoard -ics -gateway rsh.wall.com -icshost chessclub.com
Then when you run WinBoard in ICS mode, it will connect to the ICS by using rsh
to run the command "telnet chessclub.com 5000" on host rsh.wall.com.
ICC timestamp and FICS timeseal do not work through many firewalls. You can use
them only if your firewall gives a clean TCP connection with a full 8-bit wide
path. If your firewall allows you to get out only by running a special telnet
program, you can't use timestamp or timeseal across it. But if you have access
to a computer just outside your firewall, and you have much lower netlag when
talking to that computer than to the ICS, it might be worthwhile running
timestamp there. Follow the instructions above for hopping through a host
outside the firewall (foo.edu in the example), but run timestamp or timeseal on
that host instead of telnet.
Suppose that you have a SOCKS firewall that requires you to go through some
extra level of authentication, but after that will give you a clean 8-bit wide
TCP connection to the chess server. In that case, if you are using timestamp or
timeseal, you need to somehow socksify it; if not, you need to socksify WinBoard
itself. Socksification is beyond the scope of this document, but see
the SOCKS Web site at http://www.socks.nec.com/how2socksify.html.
From the Winboard FAQ:
[B.19] How can I use XBoard or WinBoard to talk to an Internet Chess Server
through a firewall or proxy?
There is no single answer to this question, because there are many different
kinds of firewalls in use. They work in various different ways and have various
different security policies. This answer can only provide hints.
Note that you can't access Internet Chess Servers through a Web proxy, because
they are not a Web service. You talk to them through a raw TCP connection, not
an HTTP connection. If you can only access the Web through a proxy, there may be
a firewall that stops you from making direct TCP connections, but there may also
be a way through it. Read on for hints, and contact your local system
administrator if you need more information about your local configuration.
A helpful user mailed me the following explanation of how to use WinBoard with
WinGate:
"I have managed to setup WinBoard though my WinGate proxy. I have the Office
version. What I needed to do was to setup the TCP/IP connection to add the
User/Host name and my provider service name for the DNS, but I had to leave the
HOST IP address blank. I have not played with all the variations, so it may be
just that I have the DNS lookup enabled."
I hope this helps, though I don't find it very clear. I don't have a copy of
WinGate myself and can't help if you have questions about it.
If you are using some other non-SOCKS firewall, read the FIREWALLS section in
your XBoard or WinBoard documentation (man page, info document, or Help file).
If you can telnet to a chess server in some way, then you can almost certainly
connect to it with xboard/WinBoard, though in some cases you may not be able to
run timestamp or timeseal. The timestamp and timeseal protocols require a clean,
8-bit wide TCP connection from your machine to the ICS, which some firewalls do
not provide.
If you have a SOCKS firewall and are using XBoard, you should be able to
SOCKSify xboard and use it. See http://www.socks.nec.com/ for information about
SOCKS and socksification. However, if you do this, you can't use timestamp or
timeseal; what you really need is a socksified version of timestamp or timeseal.
This is hard because the source code for timestamp and timeseal is proprietary;
the folks running the chess servers don't give it out because that would make it
too easy to cheat. On some versions of Unix, you may be able to socksify a
program that you don't have the source code to by running it with an appropriate
dynamic library; see http://www.socks.nec.com/. For others, you might be able to
get a pre-built socksified version from the chess server administrators. For
timeseal versions, see ftp://ftp.freechess.org/pub/chess/timeseal/. For
timestamp versions, the directory would be
ftp://ftp.chessclub.com/pub/icc/timestamp/, but at this writing there don't seem
to be any socksified timestamps there. Once you have a socksified timestamp or
timeseal, simply run it with a normal, non-socksified xboard in place of the
standard timestamp or timeseal.
If you have a SOCKS firewall and you are using WinBoard, we now know how to make
this configuration work, complete with timestamp or timeseal!
Start by getting SocksCap32. This software is freely available from
http://www.socks.nec.com/. Install it on your machine, read the documentation,
and learn to use it. You may find it useful with many other programs besides
WinBoard.
Next, don't socksify WinBoard. Socksifying WinBoard itself doesn't let you use
it with timestamp or timeseal. For some reason I don't understand -- something
strange that SocksCap32 does -- the socksified WinBoard runs but does nothing,
and timestamp/timeseal runs all by itself in its own window.
Instead, use the following workaround. Follow the instructions exactly; don't
try to skip steps or simplify things.
First, make SocksCap32 application profiles for timestamp and timeseal. Use the
following command lines in the SocksCap32 profiles. Name the first profile
"timestamp" and the second "timeseal".
"c:\program files\winboard\timestamp.exe" chessclub.com 5000 -p 5000
"c:\program files\winboard\timeseal.exe" freechess.org 5000 -p 5000
Second, run timestamp or timeseal by itself, socksified, using its profile. This
will open an unneeded, black window that will not respond to typing. Minimize it
to the task bar and ignore it. It will go away when you exit from WinBoard.
Next, run WinBoard using the following command line. Make a shortcut or type
this command into an MS-DOS Prompt box. Don't run WinBoard itself socksified,
just run it directly.
"c:\program files\winboard.exe" /ics /icshost=localhost /icsport=5000
After you get this working, you can try getting the timestamp window to
auto-minimize by starting it from a shortcut instead of from the SocksCap32
control window. As it says in the SocksCap32 help file, put the following in the
Target field of a shortcut's Properties page:
"c:\program files\sockscap32\sc32.exe" timestamp
Then select "Run: Minimized" on the same page. Do the same for timeseal.
Another method that can work is to use a .bat file to start both timestamp and
WinBoard. It would look something like this:
REM --
REM -- icc.bat
REM -- Start timestamp under SocksCap32 and use WinBoard to connect to it.
REM -- The string "timestamp" refers to a SocksCap32 profile for timestamp.
REM -- Do not change it to the filename of the timestamp program!
REM --
start /minimized "c:\program files\sockscap32\sc32.exe" timestamp
cd "c:\program files\winboard"
winboard /ics /icshost=localhost /icsport=5000
This workaround has a problem if you want to run two copies of WinBoard at once,
talking to the same chess server twice (for bughouse) or to two different chess
servers. If you need to do that, you will need to run a separate copy of
timestamp with a different port number for each connection. You'll need to make
a second set of profile entries with a different value after the -p flag (say,
5001) and you'll need to change the WinBoard command line /icsport=5000 for the
second WinBoard to match.
See also:
http://www.inficad.com/~ecollins/winb-config.htm
This page took 0 seconds to execute
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.