Archived

This forum has been archived. Please start a new discussion on GitHub.

Port 80 and Gaming

I have very general question regarding firewall and networking. I noticed that port 80 is fairly open to all firewall for http traffic. So for gaming, is it possible to use port 80 as well for game traffic? I'm talking about games that's not web browser based but win32 application. I'm not too familiar with overview of internet protocols and networking so if anybody can explain that with my above question, i would be greatly appreciated.

Thank you all for your time and help!

Comments

  • mes
    mes California
    Welcome to the forum!

    Are you asking about firewall traversal from the perspective of the client or the server?

    If a client is operating in a restrictive network that blocks outgoing traffic to all ports except port 80, there is nothing that Ice can do about that. In order for this to work, the remote Ice server would need to be listening on port 80, which means you couldn't also run an HTTP server at port 80 on that host.

    If that doesn't answer your question, please provide more details and we'll try to help.

    Take care,
    - Mark
  • Hi Mark,

    Thank you for your quick response. Sorry about vagueness... i'm fairly new at networking so please bare with me.

    I meant to say firewall from client's perspective. They will be running my application which has strict firewall and only has port 80 opened for outgoing and incoming messages. So this means that it is possible to pass game traffice through port 80 but in result, clients can't view any other http traffic? Is that correct?

    I guess I'm overall curious as to if most firewall allows port 80 to be opened, then why doesn't most if not all traffic go through port 80? I figure there's some limitation to it then that because currently not all application is doing this which indicates that it's not pratical... I'm just having hard timing understanding this limiation.

    Thank you again for any help!
  • mes
    mes California
    sevensix wrote:
    I meant to say firewall from client's perspective. They will be running my application which has strict firewall and only has port 80 opened for outgoing and incoming messages. So this means that it is possible to pass game traffice through port 80 but in result, clients can't view any other http traffic? Is that correct?
    No, other applications (such as a web browser) can also send outgoing traffic on port 80 along with your Ice application, they would just be sending that traffic to different addresses. For example, the browser could be communicating with www.google.com on port 80, while your Ice application is communicating with your.gameserver.com on port 80.

    Hope that helps,
    - Mark
  • Ah okay. Another question then, by using port 80, is there any limitations? additional latency due to mixing http traffic or other means?

    thanks
  • marc
    marc Florida
    No, there are no such limitations.
  • A minor issue

    A good network security posture will either be ripping apart all HTTP traffic at the firewall, or using IDS/IPS to examine it. This means that while "port 80" might be open, the security systems will be examining further up the stack, and unless Ice is redesigned to tunnel through HTTP (an insanely stupid idea, if you ask me), it's not going to work.

    You could create a tunnel protocol, just as one exists for CORBA, but it will be ugly, and it will break in random ways, so I'd recommend avoiding the idea if you can. Note that these issues only apply to real security, not packet filtering firewalls that some companies, and most home-users have.
  • Thank you all for your responses. It's been very helpful.

    Just general question then, what is good model to have for bypassing or having a firewall friendly application such as multiplay game? Is there some standard that most people follow to avoid any hassles with firewalls?

    Thanks again
  • marc
    marc Florida
    I don't think you need to do anything special. Nearly all firewalls and routers (linksys, d-link, etc.) allow outgoing connections on any port. So if you use bi-directional connections (ideally with Glacier2, to secure your game server, and to provide other nice features such as batching and encryption), there is no problem. We worked on an online game that had thousands of beta testers, and there was never a problem with the player's firewall.

    Note that I'm talking about a client/server model. If you plan a peer-to-peer game, then it gets more complicated, because then at least one of the client firewalls has to allow incoming connections.