On 28 Nov 2004, [EMAIL PROTECTED] wrote: > I have a bunch of developers behind a squid firewall. Only http/https > are allowed out. What is a simple/secure way to let the at least pull > CVS down from the Internet (ex: sourceforge) and preferable do CVS > checkins too. An iptables masquerade is not at the top of the list of > options.
Permit 'CONNECT' to the cvs pserver port (2409, IIRC, but check that), and then give them the `httptunnel', `corkscrew' or `proxychains' packages. That will allow them to make a vaguely passable shot at getting at the outside world. ...alternately, talk to management and get them to alter security policy to permit access to that service on the Internet; it is, after all, business related. As usual, a non-technical solution to a non-technical problem is the best path, where possible. Regards, Daniel -- A companion, unobtrusive Plays the song that's so elusive And the magic music makes your morning mood. -- Rush, _The Spirit of Radio_, 1980