Date: Fri, 28 Feb 2003 15:52:36 +0100 From: Igor Pokrovsky <igor.pokrovsky@cnrm.meteo.fr> To: "Patrick M. Hausen" <hausen@punkt.de> Cc: stable@freebsd.org Subject: Re: problems with getting through firewall using CVSup Message-ID: <3E5F77B4.4392E9FD@cnrm.meteo.fr> References: <200302281442.h1SEg0RV042490@hugo10.ka.punkt.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Patrick M. Hausen wrote: > > Hi! > Sergey Osokin wrote: > > > > Is there any way to make it work? > > > To fool firewall? > > > > Yes, looks like a bad/fool/stupid firewall administriva. > > No. This looks exactly like the correct way to implement > a firewall. > > Everything which is not on the "explicitly permitted" list > is denied by default. > > So users tring new and "interesting" protocols and services > have to check if what they are trying to do is in accordance > with the security policy first. > > I know, there are lots of companies that permit any inside > initiated TCP connection. I'd call this stupid if not > explicitly decided upon and documented. Yes. I agree, maybe this is a good policy. And moreover I think that they closed port 5999 on firewall because of my activities :-) Perhaps they thought that I'm trying do something, which will break their security. Maybe because port number is not very popular :-) > And last - maybe they are running a strict application level > gateway like Gauntlet or Sidewinder? If this is the case the > admin must define a custom TCP proxy for CVSup, first. No. Fortunatly. But is there any way to do anything without asking firewall admin to open 5999 port? -- Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E5F77B4.4392E9FD>