
Re: conserver through a firewall?

Greg A. Woods woods@weird.com
Mon, 13 Jan 2003 10:55:13 -0800 (PST)


[ On , January 13, 2003 at 08:50:17 (-0500), cfowler wrote: ]
> Subject: Re: MAXMEMB
>
> I'll give more insight to why I did this.  It is almost impossible for
> me to gain access to my consoles over a firewall.  You see the main
> process offers me port 1024 then adds 1 each new connection.  I can not
> open up 1024 - 1096 or whatever on my firewall.  What we've done is made
> it simple.  Now the process only uses 783 and 782 ports and no more. 
> This may not be an issue for some but was for us.  Maybe this behavior
> is something that can be looked at in 8.0 version.  Having 2 possible
> ports is okay but having N possible ports, IMHO, is not.

I would suggest that even if you have a really secure SSL configuration
integrated into your conserver clients you still really shouldn't be
trying to access conserver through a firewall (normally SSL only
provides privacy, not authentication (and certainly not easy-to-use
authentication)), and conserver's own authentication mechanisms are not
really strong enough to use from a really remote client.  You should
probably have some secure host on the inside that you can log in to with
SSH and then use the console client from there.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>