At 07:14 PM 2/11/03 -0800, Tom Eastep wrote:
Lynn Avants wrote:
That used to be somewhat true until stateful firewalls started being used.
Before that there would have been so many problems with net-based
applications while filtering high-ports that most firewalls never gave
much thought to blocking this traffic under SOHO use.
There is something that we are missing here regarding the difference
between his Dachstein and Bering configurations. Not only would these high
ports have to have been open but they would have to have been forwarded to
the internal machine running his P2P application. That would have required
an explicit configuration action on his part.
I *think* this assertion is incorrect. The firewall paper Sean referred us
to *seems* to be describing a workaround for exactly this requirement. I
don't fully understand how they do it (either the paper intentionally omits
some key technical detail, or I just missed it). Lynn's suggestion above, a
more succinct expression of the thought I talked about in rambly form, is
probably closer to the target.
The exception would be if the application is built on some standard
technology like IRC where a masquerade module is available on Dachstein
but not on Bering.
--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski -- Han Solo
Palo Alto, California, USA [EMAIL PROTECTED]
-------------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html