Archive of UserLand's first discussion group, started October 5, 1998.

Re: Firewalls, Hooray

Author: Eric Soroos
Posted: 5/5/2000; 3:58:53 PM
Topic: scriptingNews outline for 5/5/2000
Msg #: 17026 (In response to 17020)

I think you could assign a different port to each user, and use port forwarding appropriately. That's what I plan to do on my NAT if I ever have time to try out Pike.

I do that. When I had one IP address and several machines, I was running ports 80, 81, 82, 8000, 8080 and 8888 for different HTTP-like services (including Apache and Zope on one testing machine, Frontier/Pike on another, and a couple of other random web services).

I must also add that NAT is very useful if the ISP that you're using tends to change your IP address a bit more often than would otherwise be expected from a static IP service.

There are several classic ways to get things through firewalls, used by various services.

1) Well-known ports. Petition to let them through with the admin. (HTTP/SMTP/Quake)
2) Tunnel through otherwise innocuous protocols. (RealAudio over HTTP)
3) Do some freaky stuff and never tell people what port you're using. (AOL IM and Yahoo Messenger)

I have some good ideas of how to get Pike through firewalls and intermittent connections. I've got them mostly implemented but they have some implementation compartmentalization issues that I haven't resolved yet.

eric

ps. I have set up several packet filtering 'firewalls'. They do a good job if you know their limitations.






This page was archived on 6/13/2001; 4:55:05 PM.

© Copyright 1998-2001 UserLand Software, Inc.