Archive of UserLand's first discussion group, started October 5, 1998.
Re: Firewalls, Hooray
Author: Eric Soroos Posted: 5/5/2000; 3:58:53 PM Topic: scriptingNews outline for 5/5/2000 Msg #: 17026 (In response to 17020) Prev/Next: 17025 / 17027 I think you could assign a different port to each user, and use port forwarding appropriately. That's what I plan to do on my NAT if I ever have time to try out Pike.
I do that. When I had one ip address and several machines, I was running ports 80, 81, 82, 8000, 8080 and 8888 for different httplike services. (including apache and zope on one testing machine, frontier/pike on another, and a couple of other random web services.)
I must also add that NAT is very useful if the isp that you're using tends to change your ip address a bit more often than would otherwise be expected from a static IP service.
There are several classic ways to get things through firewalls, used by various services.
1) Well known ports. Petition to let them through with the admin. (http/smtp/quake)
2) Tunnel through otherwise innocous protocols. (real audio over http)
3) Do some freaky stuff and never tell people what port you're using (Aol IM and Yahoo Messenger)I have some good ideas of how to get pike through firewalls and intermittent connections. I've got them mostly implemented but they have some implementation compartmentalization issues that I haven't resolved yet.
eric
ps. I have set up several packet filtering 'firewalls'. They do a good job if you know their limitations.
This page was archived on 6/13/2001; 4:55:05 PM.
© Copyright 1998-2001 UserLand Software, Inc.