How to Bypass Proxies and Firewalls



How to Bypass Proxies and Firewalls


Information in this Brief applies to:

  • StarTeam 4.x, 5.x
  • All Platforms


If your StarTeam Server is on the inside of a firewall or you are using a proxy server to protect your network, to allow StarTeam Clients external to the network to connect to the StarTeam Server, some adjustments may need to be made to your proxy or firewall.

Please note: Because of the wide variety of proxies and firewalls on the market, this article does not contain exact instructions. Rather, this article outlines in general terms conditions that need to be met to allow external connections to the StarTeam Server.


Basically, you need to setup up a hole in your proxy/firewall, based on the endpoint (port address) specified on the StarTeam Server for the TCP/IP Protocol (Sockets) which will permit communication to occur through this hole. The port opened up in the proxy/firewall should allow both inbound and outbound TCP packets to pass (as opposed to UDP). The StarTeam Server, ideally, would be running on the same machine as the proxy/firewall. An external client machine would specify the endpoint for the TCP/IP (sockets) protocol set up on the StarTeam Server, and the external IP address of the machine running the proxy/firewall.

The external StarTeam Client and the StarTeam Server would be using Microsoft"s winsock.dll to communicate. For example, the default setting for TCP/IP (Sockets) for the StarTeam Sever is 49201. On a firewall, in this case, you would want to set inbound traffic to the StarTeam Server to allow for a source protocol/port of TCP 1024-65535 and a destination of TCP 49201. Outbound from the StarTeam Server must allow for a source protocol/port of TCP 49201 and a destination of TCP 1024-65535.

In addition, if the StarTeam Server itself is not running on the same machine as your proxy/firewall, you may have an additional network routing problem. Computers on the outside may not be able to physically route in to your internal StarTeam Server. This is actually an obstacle placed by TCP/IP itself. If this is the case, you may want to check to see if your proxy/firewall can route to the internal IP on your LAN by creating a bridge. Some proxies/firewalls can create a "bridge" or a route between the IP address of the proxy/firewall machine, and another internal machine. Usually a bridge is based on a port address, and when the proxy receives input on that port, it knows to "bridge" the packets to the internal address. If you set up a bridge, on the external client machine, the endpoint will be the port address of the StarTeam Server, but the IP address will be that of the proxy machine and not the machine actually running the StarTeam Server.

If your proxy/firewall does not support a bridge, or any other routing function, you will want to place the StarTeam Server on a machine with an external IP address so external users can reach it.

Old KB# 28427
Comment List