RE: [FW1] HTTP over different ports, e.g. 8080, 89

Thu, 29 Mar 2001 07:26:15 -0800 


Greg,

You have to add that port into the fwauthd.conf file so that the FW knows
it's an HTTP port and can do what's necessary as HTTP and not just as any
old standard port.

The phoneboy site has something about that. See the following for exact
description of what needs to be done.

http://www.phoneboy.com/faq/0135.html

Mike

> -----Original Message-----
> From: Greg Winkler [SMTP:[EMAIL PROTECTED]]
> Sent: ä îøõ 29 2001 16:38
> To:   [EMAIL PROTECTED]
> Subject:      [FW1] HTTP over different ports, e.g. 8080, 89
> 
> 
> I don't know why webmasters do this but recently I've been plagued by
> problems when users try to connect to websites via URL's that use what I'm
> calling an alternate port. For example, this URL
> http://technet.oracle.com:89/cgi-bin/Ultimate.cgi?action=intro&BypassCooki
> e=true
> , would use HTTP over port 89. Another common one I've seen is 8080 and
> I've run across others as well.
> 
> The problem I have is that the firewall drops these connection attempts
> because they are made over a port I normally don't allow out the firewall.
> I can create a new service definition for these ports and then create a
> rule that looks like for example, "InternalNet   any   HTTP89   accept"
> and
> the connections work. However when I try to run the connection through the
> HTTP security server as in "InternalNet   any   HTTP89 -> AcceptAll
> accept" they seem to get lost. I no longer see drops in the logs but
> neither do the connections succeed. I think it's a problem with the
> security server.
> 
> Any ideas how to get the security server to process the oddball URL's.
> 
> 
> 
> --------------------------------------------------------------------------
> --------------
> 
> Greg Winkler
> Systems Manager, IT&S
> Huntsman Corporation
> Internet Mail: [EMAIL PROTECTED]
> Voice: (713) 235-6018
> Fax: (713) 235-6890
> 
> 
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to