Friends, Good news for those who are behind the firewall and want to connect TWS. I was able to connect TWS from behind the firewall using port forwarding feature of SSH. Just establish a SSH to your trusted server outside and make a forwarding rule for L4000=>gwX.ibllc.com:4000 (pick X randomly between 1-4). The othe trick is related to load balancing feature of IB which redirects initial connect to other node (gwX.ibllc.com). So tunneling technique fails if the /etc/hosts (or C:\WINDOWS\system32\drivers\etc\hosts) file is not fixed as following. This fix will work by making the connection sticky to that node. IB may not like this but what other option we have? Code: 127.0.0.1 gw1.ibllc.com 127.0.0.1 gw2.ibllc.com 127.0.0.1 gw3.ibllc.com 127.0.0.1 gw4.ibllc.com 127.0.0.1 gw5.ibllc.com 127.0.0.1 gw6.ibllc.com 127.0.0.1 gw7.ibllc.com 127.0.0.1 gw8.ibllc.com 127.0.0.1 gw9.ibllc.com 127.0.0.1 gw10.ibllc.com 127.0.0.1 gw11.ibllc.com 127.0.0.1 gw12.ibllc.com 127.0.0.1 gw13.ibllc.com 127.0.0.1 gw14.ibllc.com 127.0.0.1 gw15.ibllc.com 127.0.0.1 gw16.ibllc.com 127.0.0.1 gw17.ibllc.com 127.0.0.1 gw18.ibllc.com 127.0.0.1 gw19.ibllc.com 127.0.0.1 gw20.ibllc.com 127.0.0.1 gw21.ibllc.com 127.0.0.1 gw22.ibllc.com 127.0.0.1 gw23.ibllc.com 127.0.0.1 gw24.ibllc.com 127.0.0.1 gw25.ibllc.com 127.0.0.1 gw26.ibllc.com 127.0.0.1 gw27.ibllc.com 127.0.0.1 gw28.ibllc.com 127.0.0.1 gw29.ibllc.com 127.0.0.1 gw30.ibllc.com 127.0.0.1 gw31.ibllc.com 127.0.0.1 gw32.ibllc.com 127.0.0.1 gw33.ibllc.com 127.0.0.1 gw34.ibllc.com 127.0.0.1 gw35.ibllc.com 127.0.0.1 gw36.ibllc.com 127.0.0.1 gw37.ibllc.com 127.0.0.1 gw38.ibllc.com 127.0.0.1 gw39.ibllc.com 127.0.0.1 gw40.ibllc.com 127.0.0.1 gw41.ibllc.com 127.0.0.1 gw42.ibllc.com 127.0.0.1 gw43.ibllc.com 127.0.0.1 gw44.ibllc.com 127.0.0.1 gw45.ibllc.com 127.0.0.1 gw46.ibllc.com 127.0.0.1 gw47.ibllc.com 127.0.0.1 gw48.ibllc.com 127.0.0.1 gw49.ibllc.com 127.0.0.1 gw50.ibllc.com 127.0.0.1 gw51.ibllc.com 127.0.0.1 gw52.ibllc.com 127.0.0.1 gw53.ibllc.com 127.0.0.1 gw54.ibllc.com 127.0.0.1 gw55.ibllc.com 127.0.0.1 gw56.ibllc.com 127.0.0.1 gw57.ibllc.com 127.0.0.1 gw58.ibllc.com 127.0.0.1 gw59.ibllc.com 127.0.0.1 gw60.ibllc.com 127.0.0.1 gw61.ibllc.com 127.0.0.1 gw62.ibllc.com 127.0.0.1 gw63.ibllc.com 127.0.0.1 gw64.ibllc.com 127.0.0.1 gw65.ibllc.com 127.0.0.1 gw66.ibllc.com 127.0.0.1 gw67.ibllc.com 127.0.0.1 gw68.ibllc.com 127.0.0.1 gw69.ibllc.com 127.0.0.1 gw70.ibllc.com 127.0.0.1 gw71.ibllc.com 127.0.0.1 gw72.ibllc.com 127.0.0.1 gw73.ibllc.com 127.0.0.1 gw74.ibllc.com 127.0.0.1 gw75.ibllc.com 127.0.0.1 gw76.ibllc.com 127.0.0.1 gw77.ibllc.com 127.0.0.1 gw78.ibllc.com 127.0.0.1 gw79.ibllc.com 127.0.0.1 gw80.ibllc.com 127.0.0.1 gw81.ibllc.com 127.0.0.1 gw82.ibllc.com 127.0.0.1 gw83.ibllc.com 127.0.0.1 gw84.ibllc.com 127.0.0.1 gw85.ibllc.com 127.0.0.1 gw86.ibllc.com 127.0.0.1 gw87.ibllc.com 127.0.0.1 gw88.ibllc.com 127.0.0.1 gw89.ibllc.com 127.0.0.1 gw90.ibllc.com 127.0.0.1 gw91.ibllc.com 127.0.0.1 gw92.ibllc.com 127.0.0.1 gw93.ibllc.com 127.0.0.1 gw94.ibllc.com 127.0.0.1 gw95.ibllc.com 127.0.0.1 gw96.ibllc.com 127.0.0.1 gw97.ibllc.com 127.0.0.1 gw98.ibllc.com 127.0.0.1 gw99.ibllc.com 127.0.0.1 gw100.ibllc.com 127.0.0.1 gw101.ibllc.com 127.0.0.1 gw102.ibllc.com 127.0.0.1 gw103.ibllc.com 127.0.0.1 gw104.ibllc.com 127.0.0.1 gw105.ibllc.com 127.0.0.1 gw106.ibllc.com 127.0.0.1 gw107.ibllc.com 127.0.0.1 gw108.ibllc.com 127.0.0.1 gw109.ibllc.com 127.0.0.1 gw110.ibllc.com 127.0.0.1 gw111.ibllc.com 127.0.0.1 gw112.ibllc.com 127.0.0.1 gw113.ibllc.com 127.0.0.1 gw114.ibllc.com 127.0.0.1 gw115.ibllc.com 127.0.0.1 gw116.ibllc.com 127.0.0.1 gw117.ibllc.com 127.0.0.1 gw118.ibllc.com 127.0.0.1 gw119.ibllc.com 127.0.0.1 gw120.ibllc.com 127.0.0.1 gw121.ibllc.com 127.0.0.1 gw122.ibllc.com 127.0.0.1 gw123.ibllc.com 127.0.0.1 gw124.ibllc.com 127.0.0.1 gw125.ibllc.com 127.0.0.1 gw126.ibllc.com 127.0.0.1 gw127.ibllc.com 127.0.0.1 gw128.ibllc.com 127.0.0.1 gw129.ibllc.com 127.0.0.1 gw130.ibllc.com 127.0.0.1 gw131.ibllc.com 127.0.0.1 gw132.ibllc.com 127.0.0.1 gw133.ibllc.com 127.0.0.1 gw134.ibllc.com 127.0.0.1 gw135.ibllc.com 127.0.0.1 gw136.ibllc.com 127.0.0.1 gw137.ibllc.com 127.0.0.1 gw138.ibllc.com 127.0.0.1 gw139.ibllc.com 127.0.0.1 gw140.ibllc.com 127.0.0.1 gw141.ibllc.com 127.0.0.1 gw142.ibllc.com 127.0.0.1 gw143.ibllc.com 127.0.0.1 gw144.ibllc.com 127.0.0.1 gw145.ibllc.com 127.0.0.1 gw146.ibllc.com 127.0.0.1 gw147.ibllc.com 127.0.0.1 gw148.ibllc.com 127.0.0.1 gw149.ibllc.com 127.0.0.1 gw150.ibllc.com 127.0.0.1 gw151.ibllc.com 127.0.0.1 gw152.ibllc.com 127.0.0.1 gw153.ibllc.com 127.0.0.1 gw154.ibllc.com 127.0.0.1 gw155.ibllc.com 127.0.0.1 gw156.ibllc.com 127.0.0.1 gw157.ibllc.com 127.0.0.1 gw158.ibllc.com 127.0.0.1 gw159.ibllc.com 127.0.0.1 gw160.ibllc.com 127.0.0.1 gw161.ibllc.com 127.0.0.1 gw162.ibllc.com 127.0.0.1 gw163.ibllc.com 127.0.0.1 gw164.ibllc.com 127.0.0.1 gw165.ibllc.com 127.0.0.1 gw166.ibllc.com 127.0.0.1 gw167.ibllc.com 127.0.0.1 gw168.ibllc.com 127.0.0.1 gw169.ibllc.com 127.0.0.1 gw170.ibllc.com 127.0.0.1 gw171.ibllc.com 127.0.0.1 gw172.ibllc.com 127.0.0.1 gw173.ibllc.com 127.0.0.1 gw174.ibllc.com 127.0.0.1 gw175.ibllc.com 127.0.0.1 gw176.ibllc.com 127.0.0.1 gw177.ibllc.com 127.0.0.1 gw178.ibllc.com 127.0.0.1 gw179.ibllc.com 127.0.0.1 gw180.ibllc.com 127.0.0.1 gw181.ibllc.com 127.0.0.1 gw182.ibllc.com 127.0.0.1 gw183.ibllc.com 127.0.0.1 gw184.ibllc.com 127.0.0.1 gw185.ibllc.com 127.0.0.1 gw186.ibllc.com 127.0.0.1 gw187.ibllc.com 127.0.0.1 gw188.ibllc.com 127.0.0.1 gw189.ibllc.com 127.0.0.1 gw190.ibllc.com 127.0.0.1 gw191.ibllc.com 127.0.0.1 gw192.ibllc.com 127.0.0.1 gw193.ibllc.com 127.0.0.1 gw194.ibllc.com 127.0.0.1 gw195.ibllc.com 127.0.0.1 gw196.ibllc.com 127.0.0.1 gw197.ibllc.com 127.0.0.1 gw198.ibllc.com 127.0.0.1 gw199.ibllc.com 127.0.0.1 gw200.ibllc.com 127.0.0.1 gw201.ibllc.com 127.0.0.1 gw202.ibllc.com 127.0.0.1 gw203.ibllc.com 127.0.0.1 gw204.ibllc.com 127.0.0.1 gw205.ibllc.com 127.0.0.1 gw206.ibllc.com 127.0.0.1 gw207.ibllc.com 127.0.0.1 gw208.ibllc.com 127.0.0.1 gw209.ibllc.com 127.0.0.1 gw210.ibllc.com 127.0.0.1 gw211.ibllc.com 127.0.0.1 gw212.ibllc.com 127.0.0.1 gw213.ibllc.com 127.0.0.1 gw214.ibllc.com 127.0.0.1 gw215.ibllc.com 127.0.0.1 gw216.ibllc.com 127.0.0.1 gw217.ibllc.com 127.0.0.1 gw218.ibllc.com 127.0.0.1 gw219.ibllc.com 127.0.0.1 gw220.ibllc.com 127.0.0.1 gw221.ibllc.com 127.0.0.1 gw222.ibllc.com 127.0.0.1 gw223.ibllc.com 127.0.0.1 gw224.ibllc.com 127.0.0.1 gw225.ibllc.com 127.0.0.1 gw226.ibllc.com 127.0.0.1 gw227.ibllc.com 127.0.0.1 gw228.ibllc.com 127.0.0.1 gw229.ibllc.com 127.0.0.1 gw230.ibllc.com 127.0.0.1 gw231.ibllc.com 127.0.0.1 gw232.ibllc.com 127.0.0.1 gw233.ibllc.com 127.0.0.1 gw234.ibllc.com 127.0.0.1 gw235.ibllc.com 127.0.0.1 gw236.ibllc.com 127.0.0.1 gw237.ibllc.com 127.0.0.1 gw238.ibllc.com 127.0.0.1 gw239.ibllc.com 127.0.0.1 gw240.ibllc.com Please seek help from google if you are not aware of SSH tunneling. IB - if you are listening to us; why can't you add a SSL enabled port (currently on 4001) on 443 as well so that a normal firewall can connect? A simple iptable rule can do the trick. No corporate proxy will allow outbound SSL connection to non-standard port like 4001 so proxy feature of TWS is mostly a waste. Thanks,
Friends, read following paragraph if your WebTrader is facing frequent logout and you are mad at IB for that. For techie heads: the server side session at IB is locked to a single IP and client will face this frequent logout if their proxy server is load balanced. This is a safety feature to protect us from session hijacking. Try http://checkip.dyndns.org/ and see if your outbound IP is staying same over the time. My problem got resolved after setting an static proxy in place of the front facing NLB (network load balancing) device. Talk to your network administrator to find the list of static proxy. Hope this helps someone. Thanks,