Re: conserver through a firewall?

Greg A. Woods woods@weird.com
Mon, 13 Jan 2003 10:55:13 -0800 (PST)

[ On , January 13, 2003 at 08:50:17 (-0500), cfowler wrote: ]
> Subject: Re: MAXMEMB
> I'll give more insight to why I did this.  It is almost impossible for
> me to gain access to my consoles over a firewall.   You see the main
> process offers me port 1024 then adds 1 each new connection.  I can not
> open up 1024 - 1096 or whatever on my firewall.  What we've done is made
> it simple.  Now the process only uses 783 and 782 ports and no more. 
> This may not be an issue for some but was for us.  Maybe this behavior
> is something that can be looked at in 8.0 version.  Having 2 possible
> ports are okay but having a  N number of possible ports, IMHO are not.  

I would suggest that even if you have a really secure SSL configuration
integrated into your conserver clients you still really shouldn't be
trying to access conserver through a firewall (normally SSL only
provides privacy, not authentication (and certainly not easy-to-use
authentication), and conserver's own authentication mechanisms are not
really strong enough to use from a really remote client).  You should
probably have some secure host on the inside that you can log in with SSH
to and then use the console client from there.

								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>