On Tue, Jul 09, 2013 at 09:36:07AM +0800, Steve Wray wrote:
> I have a firewall problem.
> Our developers produced an application which I need to use for monitoring.
> The application makes an outgoing connection to one of our servers on port
> 443. This server then makes a TCP connection back to the application on
> the monitoring server on a random high port.
> I'd like to put a firewall on the monitoring server but this is making it
> difficult. There are about 100 servers being monitored and we change their
> IP addresses often, I don't want to create a blanket 'ALLOW' rule for each
> of them.
> Does anyone have any suggestions?
> Is it possible to allow incoming connections to a specific application?

It sounds like a rather cumbersome application design. What about choosing a fixed port for the monitoring server to listen on? If that won't work, I suggest looking at how active FTP firewall traversal is handled (i.e., an application gateway).

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
