I'm in the same department as the network administrator. There are no ports opened on the firewall and he'll do his damnedest to keep it that way. I have to have a very good business reason to have ports opened and it has to go all the way up to the VP.
Then yes, you have a problem. I work at a big outfit and because of the availability of the firewall client and its integration within network security, it was easy and routine. There was a thread on this at IB's own customer bulletin board. I haven't been there in a while but you might want to ask there. One of their tech moderators (Ernie?) is very helpful and since many people are affected I would not be surprised if IB came up with some kind of fix.
This is what I do: I run http-tunnel client to connect my computer to the outside world via port 80 on http-tunnel server. I then use socks cap (http://www.socks.nec.com/reference/sockscap.html). Socks cap is configured to send all network traffic to the socks server (which is the http-tunnel client) running on your machine. I use socks cap to launch TWS. By doing this, all network access by TWS is automatically sent through http-tunnel. This works awesome! I only swing trade, with no data feed, so I just use the free (slow) version of http-tunnel. Everything goes out port 80 of the firewall, so it looks like http access. Hope this helps.
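How the setup in the post above looks from the egress proxy's side, as an added example that is not part of the original thread: a sketch that flags client/destination pairs in web proxy logs whose traffic resembles a tunnel rather than browsing. The log format, host names, addresses and thresholds are constructed, and the heuristic assumes the tunnel client keeps sending frequent POST requests to a single server.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def constructed_sample():
    """Constructed proxy log lines: ISO timestamp, client IP, method, destination host."""
    base = datetime(2024, 1, 8, 9, 0, 0)
    lines = []
    # Workstation A: one POST every 20 s for about 20 minutes to a single host.
    for i in range(60):
        ts = (base + timedelta(seconds=20 * i)).isoformat()
        lines.append(f"{ts} 10.0.0.23 POST tunnel.example.net")
    # Workstation B: ordinary browsing, GET requests spread over two sites.
    for i, host in enumerate(["intranet.example.com", "news.example.org"] * 10):
        ts = (base + timedelta(seconds=170 * i)).isoformat()
        lines.append(f"{ts} 10.0.0.40 GET {host}")
    return lines

def find_tunnel_candidates(lines, min_requests=30, min_post_ratio=0.8,
                           min_span_s=600, max_gap_s=60):
    """Return (client, host, request_count, span_seconds) for tunnel-like flows.

    A flow is flagged when one client sends many requests to one host, almost
    all of them POSTs, over a long period with no long pause in between.
    Thresholds are assumptions to tune against real traffic.
    """
    flows = defaultdict(list)
    for line in lines:
        ts, client, method, host = line.split()
        flows[(client, host)].append((datetime.fromisoformat(ts), method))

    hits = []
    for (client, host), reqs in flows.items():
        reqs.sort()
        times = [t for t, _ in reqs]
        span = (times[-1] - times[0]).total_seconds()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        post_ratio = sum(m == "POST" for _, m in reqs) / len(reqs)
        if (len(reqs) >= min_requests and post_ratio >= min_post_ratio
                and span >= min_span_s and max(gaps, default=0) <= max_gap_s):
            hits.append((client, host, len(reqs), round(span)))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_tunnel_candidates(constructed_sample()):
        print("tunnel-like flow:", hit)
```

Port-80 traffic that passes a firewall rule can still stand out at this level, which is why egress proxies are usually paired with log review rather than port filtering alone.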
Sounds like ctrader might have the answer for you. But here's one other thought: I had the identical situation at my work and was just about to switch my account to Brown or Ameritrade when I heard that some people were not on the proxy. I found that they were "Cisco". Turns out the proxy was for the non-power users and the router connection for the power users (like the network guys, etc.) Since our department was all developers, DBAs, web admins and the like, we were able to talk them into letting us drop the proxy (which was asinine in the first place). All I'm saying is maybe your manager can actually get the security for your group changed. Let's face it: I'll bet most of the guys/gals in the bowels of the IT department don't go through a proxy! But here's what I'm going to do soon: get a Pocket PC Phone w/ T-Mobile and I'll never have to worry again about another overly anal or zealous network administrator. I also swing trade and from all I've read, this will be the perfect solution for me with IB's mobile computing platform! Good luck.
Also, on the thread I started (http://www.elitetrader.com/vb/showthread.php?s=&threadid=7607&perpage=6&pagenumber=1) there were a few other technical solutions offered, including some software called HTTPORT. Good luck.
Thanks for the reply. I'm still not having success, but I feel that I'm getting close. I retrieved sockscap and ran the program "socksified". Now I always get "invalid user name or password" and inside of the http-tunnel program I see the following: "Incoming SOCKS connection received" "Could not complete SOCKS request" Any ideas? What does your jts.ini look like? Thanks again.
I think maybe your previous attempts have screwed up your settings. On TWS: it should not know anything about the firewall. Have it configured as it is just out of the box... directly connected to the internet. Socks cap will deal with the problem. On the http-tunnel client: remove all port mappings. The http-tunnel client will forward the IB server and port number on to the http-tunnel server. I am not at work right now... if you are still having troubles, I will double check all settings when I get in.
All right, I reinstalled http-tunnel and IB TWS. I have no port mappings and sockscap set at SOCKSv5. It looks like things are progressing but I still never get further than the login screen. Now http-tunnel acknowledges that something is connected to it, but the bytes sent and received stay at 0. TWS grays out the Login button and never comes back. The log in http-tunnel says "Communicating with the server via HTTP-tunneling". Sounds like all systems are go, but I don't see jack. I'll keep playing and waiting for any other suggestions.