On Tue, 23 May 2000, Harry Behrens wrote:
> I have a client requesting me to configure a Linux-based machine (ipchains)
> to allow Notes (over TCP/IP) traffic as well as pcAnywhere (over TCP/IP).
> Does anyone:
>
> - have specific reasons not to do this
> - pointers to ports etc. used (and which therefore need to be opened)
> - information about special quirks (a.k.a. ftp-like behaviour with
> client/server reversal of roles)?
Notes is capable of doing its replication over SSL. Server-to-server
replication is better than client-server access in terms of exposure to
bad things. If you already allow SSL, you shouldn't have to do anything.
If you don't, you'll want to allow it between two servers.
Personally, I wouldn't let PCA through a firewall without a lot of serious
analysis and *lots* of time looking at configuration issues, but that's as
much due to the risk of the controlled machine as anything. Definitely
I'd only allow *outbound* connections for either protocol.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
