Good Morning!

On Mon, 15 Mar 2004 15:13:08 -0400 Lars Higham <[EMAIL PROTECTED]> wrote:

> The following are the ports assigned to Corba; you might try opening
> these up and watching your log to see what's used and what's blocked -
> corba-iiop      683/tcp    CORBA IIOP
> corba-iiop      683/udp    CORBA IIOP
> corba-iiop-ssl  684/tcp    CORBA IIOP SSL
> corba-iiop-ssl  684/udp    CORBA IIOP SSL
> cma             1050/tcp   CORBA Management Agent
> cma             1050/udp   CORBA Management Agent
> corbaloc        2809/tcp   CORBA LOC
> corbaloc        2809/udp   CORBA LOC
> -----Original Message-----
> Sent: Monday, March 15, 2004 2:31 PM
[...]
> The application guys are telling me that I need to allow all TCP high
> ports (over 1024) because it uses a dynamic port allocation after the
> initial negotiation.
> Is this true? Has anyone had experience with this?
> Firewall-1 has a service, type other, called IIOP that uses port 1571.

CORBA is one of those (with respect to firewalling/packet filtering) braindead RPCish protocols. The ports you have found listed in FW1 and above are (usually) only the control channel. It is not unusual that tcp/80 is (mis)used for this one, too - "because it usually is allowed through firewalls" *sigh*

On this control channel the "real" data ports are negotiated - which are dynamically allocated tcp/>1023 - and can be initiated in either direction.

So - just be careful.

Bye

Volker Tanger
ITK Security

Welcome to our CeBIT exhibition stand from the 18th - 24th March 2004, hall 13 - D 58, under the motto "DeTeWe - Your connection to the world".
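
The dynamically allocated port discussed above is carried in the object reference (IOR) a CORBA server hands out: each IIOP profile in it names the host and TCP port the client will connect to. The following is an added example, not part of the original message, that decodes a stringified IOR and lists those endpoints so they can be compared against the firewall rules; the sample IOR is constructed and the function names are this example's own.

```python
import struct

def _cdr_string(buf, off, end):
    """Read a CDR string (ulong length incl. NUL, 4-byte aligned) -> (text, next offset)."""
    off = (off + 3) & ~3
    (n,) = struct.unpack_from(end + "I", buf, off)
    return buf[off + 4:off + 3 + n].decode("ascii"), off + 4 + n

def iiop_endpoints(ior):
    """Return [(host, port), ...] for every IIOP profile in a stringified IOR."""
    buf = bytes.fromhex(ior[4:])               # drop the "IOR:" prefix
    end = "<" if buf[0] else ">"               # octet 0: 1 = little-endian
    _type_id, off = _cdr_string(buf, 1, end)
    off = (off + 3) & ~3
    (count,) = struct.unpack_from(end + "I", buf, off)
    off += 4
    found = []
    for _ in range(count):
        tag, size = struct.unpack_from(end + "II", buf, off)
        body = buf[off + 8:off + 8 + size]
        off = (off + 8 + size + 3) & ~3        # next profile is 4-byte aligned
        if tag != 0:                           # 0 = TAG_INTERNET_IOP
            continue
        pend = "<" if body[0] else ">"         # profile body has its own byte order
        host, p = _cdr_string(body, 3, pend)   # skip byte order + version (2 octets)
        (port,) = struct.unpack_from(pend + "H", body, (p + 1) & ~1)
        found.append((host, port))
    return found

def build_sample_ior(host, port):
    """Constructed sample input: big-endian IOR, one non-IIOP and one IIOP 1.0 profile."""
    def s(t): return struct.pack(">I", len(t) + 1) + t.encode() + b"\0"
    def pad(b, n): return b + b"\0" * (-len(b) % n)
    prof = pad(b"\x00\x01\x00\x00" + s(host), 2) + struct.pack(">H", port)
    prof = pad(prof, 4) + struct.pack(">I", 4) + b"key1"    # object key
    out = pad(b"\0\0\0\0" + s("IDL:Demo/Svc:1.0"), 4) + struct.pack(">I", 2)
    out = pad(out + struct.pack(">II", 1, 3) + b"abc", 4)    # profile to be skipped
    out += struct.pack(">II", 0, len(prof)) + prof
    return "IOR:" + out.hex()

if __name__ == "__main__":
    for host, port in iiop_endpoints(build_sample_ior("10.1.2.3", 40123)):
        print(f"ORB advertises {host}:{port}/tcp")
```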
