As there are so many servers being monitored and the server check
application has to run individually for each one, it can't just listen on
one port; each instance of the server check application has to listen on
its own port. It tells the monitored server which port to connect back to.
I guess in this respect it's similar to active FTP (which is a pain to
firewall).




On 9 July 2013 09:58, Roberto C. Sánchez <[email protected]> wrote:

> On Tue, Jul 09, 2013 at 09:36:07AM +0800, Steve Wray wrote:
> >    I have a firewall problem.
> >    Our developers produced an application which I need to use for
> >    monitoring.
> >    The application makes an outgoing connection to one of our servers on
> >    port 443. This server then makes a TCP connection back to the
> >    application on the monitoring server on a random high port.
> >    I'd like to put a firewall on the monitoring server but this is
> >    making it difficult. There are about 100 servers being monitored and
> >    we change their IP addresses often, I don't want to create a blanket
> >    'ALLOW' rule for each of them.
> >    Does anyone have any suggestions?
> >    Is it possible to allow incoming connections to a specific
> >    application?
>
> It sounds like a rather cumbersome application design.  What about
> choosing a fixed port for the monitoring server to listen on?  If that
> won't work, I suggest looking at how active FTP firewall traversal is
> handled (i.e., an application gateway).
>
> Regards,
>
> -Roberto
>
> --
> Roberto C. Sánchez
> http://people.connexer.com/~roberto
> http://www.connexer.com
>
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
