Hi- (This is a slightly different twist on the wget/firewall issue)
The situation is that I have a server that is live on the internet and is hosting several web sites as well as some databases. For obvious reasons, the firewall is using a very restrictive set of ipchains rulesets. In fact, just about everything is blocked by default. There is one particular server program that sometimes uses wget to retrieve updated information from different servers, so I would like to add some rulesets to ipchains to enable wget to retrieve needed info.

Here is my problem: When wget is called, it is dynamically picking a port on my local server to use when trying to establish a connection to a remote machine, so unless I open up a large number of ports in my firewall, the connection is never established.

I did a fair amount of searching on Google regarding this issue, and saw one email from late 2003, where someone indicated that support for binding wget to a specific port was forthcoming, but I am running version 1.8.2 and I get an error when I try to specify a port number like this:

    bind_address = xxx.xxx.xxx.xxx:32000

Dropping the port number stops the error from appearing, but then wget picks a port dynamically so I am back where I started. If I could bind wget to a specific port, I could set up a rule to open that port, but if wget is picking a port dynamically then I would need to open up every port, which is not desirable.

Am I approaching this problem correctly? I would imagine that other people have encountered this same problem. As more people tighten up their machine security in the wake of constant viruses and worms, it will probably become an even larger issue.

Is there a standard way to enable use of wget through a firewall? Or is there a later version of wget that has support for binding wget to a single port? Or is there a way to configure ipchains, so that wget can get through without opening the box up to the world on every port?

Any assistance is appreciated. Thanks.

-Kushmit

P.S.- I am not on this list, so please CC me directly on any responses.

P.P.S - I am aware of the "passive_ftp" flag, but even if that is set, wget still chooses a port dynamically, which causes problems for my firewall configuration.
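Added example, not part of the original post: a small Python model of a stateless, first-match packet filter, showing how a rule keyed on the TCP SYN flag (the ipchains `! -y` match) admits replies to wget's dynamically chosen local port while still refusing inbound connection attempts to those same ports. The port ranges, the rule set and the HTTP-on-port-80 scenario are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    sport: int
    dport: int
    syn: bool  # SYN set with ACK clear, i.e. a new connection attempt

@dataclass(frozen=True)
class Rule:
    proto: str
    sports: range
    dports: range
    syn: object  # True = SYN only, False = non-SYN only ("! -y"), None = either
    target: str

    def matches(self, p):
        return (p.proto == self.proto and p.sport in self.sports
                and p.dport in self.dports
                and (self.syn is None or p.syn == self.syn))

def verdict(chain, packet, policy="DENY"):
    """First matching rule wins; otherwise the chain's default policy applies."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy

HTTP = range(80, 81)
HIGH = range(1024, 65536)  # assumed range for wget's dynamic local port

# Modelled on (constructed rule, <local> is a placeholder):
#   ipchains -A input -p tcp ! -y -s 0/0 80 -d <local> 1024:65535 -j ACCEPT
INPUT = [Rule("tcp", HTTP, HIGH, False, "ACCEPT")]
# Output side: the server may open connections to remote port 80.
OUTPUT = [Rule("tcp", HIGH, HTTP, None, "ACCEPT")]

def wget_fetch_allowed(local_port):
    """Outbound SYN plus the inbound reply (SYN+ACK and data have ACK set)."""
    syn_out = Packet("tcp", local_port, 80, True)
    reply_in = Packet("tcp", 80, local_port, False)
    return (verdict(OUTPUT, syn_out) == "ACCEPT"
            and verdict(INPUT, reply_in) == "ACCEPT")

def inbound_connect_allowed(dport, sport=80):
    """A remote host trying to open a new connection to a local port."""
    return verdict(INPUT, Packet("tcp", sport, dport, True)) == "ACCEPT"
```

Because the model is stateless, non-SYN packets from remote port 80 still reach the high ports; they cannot open a connection, which is what keeps listening services on those ports unreachable.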
