> This is a typical problem with all kinds of client/server applications!
> You have to allow tcp-high ports on your firewall!
Thus, letting in the dragons....
Actually, the RIGHT thing to do is:
1. Write protocols which don't behave this way or
2. Write a proxy or filter which monitors the data stream and opens / closes
additional ports as necessary.
This is "ftp-ish". The ftp control-port data-port lashup is an obsolete hack
that all who firewall (coders, testers and administrators) are STILL living
with. Why anyone would spec a protocol like this these days is beyond me.
AL
- --
+--------------------------------------------------------------------+
| Al Potter Manager, Network Security Labs |
| apotter at-yay icsa ot-day net ICSA Labs |
| (If the spambots learn piglatin...) |
| PGP Key: 0x58C95451 http://www.icsa.net |
| PGP Fingerprint: D3 1D BE 8C B5 DD 12 61 5A 4A 65 32 93 E5 D9 36 |
+--------------------------------------------------------------------+
>
> Kind regards,
>
> Samir Fahim
> ISE
>
> At 18:59 3/12/2000 -0000, Murugavel Balasubramaniam wrote:
> >Hi
> >
> >I've a CORBA application, the server inside my company's internal network
> >and the client on one of the agents' machines with Checkpoint FW-1 in
> >between. The client initiates a connection with the server to a fixed port
> >(14000), but then it talks to the client in different random ports.
> >Everything is working fine if I open all ports thru the firewall. I'm not
> >able to restrict the application to use only predetermined ports. I checked
> >all available documentation, manuals etc.
> >Can this be solved by some settings or special rules in my firewall? (maybe
> >using the 'stateful' thing in FW-1??) Or is this to be handled only thru
> >the application?
> >
> >Thanks
> >Samuel
> >
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
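
Option 2 from the reply above (a filter that watches the control stream and opens or closes ports as needed), sketched for FTP because that is the protocol the reply compares this behaviour to. This is an added example, not code from the thread or from any firewall product; `PinholeTracker`, `parse_hostport` and the addresses are hypothetical and constructed for illustration.

```python
import re

# Added example; names are hypothetical. FTP host-port form: h1,h2,h3,h4,p1,p2.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from an FTP host-port string, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class PinholeTracker:
    """Tracks the one data-connection pinhole allowed per control session."""

    def __init__(self, client_ip, server_ip):
        self.client_ip, self.server_ip = client_ip, server_ip
        self.pinhole = None  # (src_ip, dst_ip, dst_port) or None

    def on_control_line(self, from_client, line):
        """Inspect one control-channel line; return the pinhole now open."""
        verb = line.strip().split(" ", 1)[0].upper()
        if from_client and verb == "PORT":      # active: server dials client
            owner, src = self.client_ip, self.server_ip
        elif not from_client and verb == "227":  # passive: client dials server
            owner, src = self.server_ip, self.client_ip
        else:
            return self.pinhole
        hp = parse_hostport(line)
        # Open a hole only to the endpoint that announced it and never to a
        # privileged port; a mismatch closes the hole instead of trusting it.
        valid = hp is not None and hp[0] == owner and hp[1] >= 1024
        self.pinhole = (src, owner, hp[1]) if valid else None
        return self.pinhole

    def on_data_connection(self, src_ip, dst_ip, dst_port):
        """Allow exactly one matching connection, then close the pinhole."""
        ok = self.pinhole == (src_ip, dst_ip, dst_port)
        if ok:
            self.pinhole = None
        return ok

if __name__ == "__main__":
    # Constructed session: client 10.0.0.5, server 192.168.1.10.
    fw = PinholeTracker("10.0.0.5", "192.168.1.10")
    print(fw.on_control_line(True, "PORT 10,0,0,5,195,80"))   # hole opened
    print(fw.on_control_line(True, "PORT 10,0,0,99,195,80"))  # refused: None
```

The pinhole is a single (source, destination, port) tuple that is consumed by the first matching connection, so the high-port range as a whole stays closed.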