My prefered method to deal with this is to use a proxy/cache
server like http://www.squid-cache.org/ and setup one rule for all
clients to access the cache on one single port. Depends how many
clients you have though; it could be a lot of work to point them
all to a
proxy.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Greg
> Winkler
> Sent: Monday, July 16, 2001 12:34 PM
> To: [EMAIL PROTECTED]
> Subject: [FW1] Do you allow http to ports other than 80?
>
>
>
>
> Recently I've been bombarded by requests from my users to gain access to
> websites outside the company that run on ports other than 80. Off the top
> of my head I recall sites running on 9022, 8095, 81, 89, 8081, 8080, and
> I'm sure I've forgotten a few. Up until today I could never get them to
> work. I've just learned that, YES, it is possible to allow this on a
> firewall by creating a new service with a protocol type set to URI and by
> adding a line to fwauthd.conf of the format
>
> port# in.ahttpd wait 0
>
> It was the update to fwauthd.conf that had me stymied.
>
> My only objection now is that each of these new ports requires
> another http
> security server process to monitor it. I'd just as soon not have a million
> security servers running on my firewall to support a very small community
> of users who need access to these oddball websites.
>
> Just what is it with these website admins? Why must they run
> their sites on
> odd port numbers? What's scary is that some of the sites are running on
> ports that have been assigned to other services. What the heck is
> one to do
> when the web-site conflicts with the legitimate use of that port?
>
> I feel like making a stand...."Just say NO to websites that don't run on
> port 80". But it appears I will just get stampeded. Do you allow access to
> these sites where you work?
>
> ------------------------------------------------------------------
> ----------------------
>
> Greg Winkler
> Systems Manager, IT&S
> Huntsman Corporation
> Internet Mail: [EMAIL PROTECTED]
> Voice: (713) 235-6018
> Fax: (713) 235-6890
>
>
>
>
> ==================================================================
> ==============
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==================================================================
> ==============
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
