[LARTC] Allowing CVS, RCP SCP

2002-07-04 Thread A. Peter Mee

Hi all,

Could someone give me some pointers to achieving stable cvs and rcp access
through a fairly restrictive firewall.  I'm using a 2.4.18 kernel which
defaults to dropping everything, then punching holes where needed and
SNATting the internal network.  Single-socket protocols (http, smtp, pop3)
do currently function correctly through the firewall so I'm assuming the cvs
and rcp/scp protocols are not single-socket.  The ftp and irc protocols also
function correctly through the firewall.

If something more specific about my configuration is needed, I'll be happy
to oblige. ;-)

TIA

Cheers,

Pete Mee


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/



Re: [LARTC] Allowing CVS, RCP SCP

2002-07-04 Thread bert hubert

On Thu, Jul 04, 2002 at 02:01:07PM +0100, Alex Bennee wrote:
 A. Peter Mee said:
  Hi all,
 
  Could someone give me some pointers to achieving stable cvs and rcp
  access through a fairly restrictive firewall.  I'm using a 2.4.18
  kernel which defaults to dropping everything, then punching holes where
  needed and SNATting the internal network.  Single-socket protocols
  (http, smtp, pop3) do currently function correctly through the firewall
  so I'm assuming the cvs and rcp/scp protocols are not single-socket.
  The ftp and irc protocols also function correctly through the firewall.
 
 ssh is a single socket protocol. If you can ssh through your firewall then
 you can use scp. You can even tunnel other ports over the single ssh
 connection (e.g. X).
 
 CVS isn't a network protocol. You generally run it using remote shell tools,
 in the CVS manual it allows you to specify how with the CVS_RSH environment
 variable.

CVS 'pserver' lives on port 2401. Use netstat -an to see which ports have
LISTENing sockets, and open up those ports.

Regards,

bert

-- 
http://www.PowerDNS.com  Versatile DNS Software & Services
http://www.tk  the dot in .tk
http://lartc.org   Linux Advanced Routing & Traffic Control HOWTO



Re: [LARTC] Allowing CVS, RCP SCP

2002-07-04 Thread Alex Bennee

bert hubert said:
 On Thu, Jul 04, 2002 at 02:01:07PM +0100, Alex Bennee wrote:
 A. Peter Mee said:
  snip
  Could someone give me some pointers to achieving stable cvs and rcp
  access through a fairly restrictive firewall.
  snip

 CVS isn't a network protocol. You generally run it using remote shell
 tools, in the CVS manual it allows you to specify how with the
 CVS_RSH environment variable.

 CVS 'pserver' lives on port 2401. Use netstat -an to see which ports
 have LISTENing sockets, and open up those ports.

Quite correct of course.

There are numerous ways of accessing remote CVS repositories (see
http://www.cvshome.org/docs/manual/cvs_2.html#SEC26). CVS over ssh seems to
be the preferred method of large development communities (sourceforge and
savannah at least). Once you've got ssh working you don't need to do any
additional (network level) work to get CVS running. I would generally be
wary of just opening up ports that are listening without being aware of the
security implications of using that protocol. The CVS documentation suggests
Kerberos over pserver for security. ssh works just as well (the documentation
only refers to rsh which is insecure but replaceable by ssh).

Alex
www.bennee.com/~alex/
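
Added example (not part of any message in this thread): a small audit of `netstat -an` output that lists externally reachable TCP listeners and marks the ones discussed above, so a port is reviewed before a firewall hole is opened for it. The sample netstat text is constructed, and the rsh port (514/tcp) and the verdict labels are assumptions of this example; 2401 for pserver comes from the thread.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2401            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:40312      ESTABLISHED
tcp6       0      0 :::8080                 :::*                    LISTEN'

# Reads `netstat -an` text on stdin and prints "port service verdict" for
# each TCP listener that is not bound to loopback only, sorted by port.
audit_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        n = split(addr, parts, ":")          # port is the last ":" field
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "127.0.0.1" || host == "::1") next   # loopback only
        if (seen[port]++) next               # same port on tcp and tcp6
        if (port == 22)        { svc = "ssh";         v = "open" }
        else if (port == 2401) { svc = "cvs-pserver"; v = "use-ssh-instead" }
        else if (port == 514)  { svc = "rsh";         v = "use-ssh-instead" }
        else                   { svc = "unknown";     v = "review" }
        print port, svc, v
    }' | sort -n
}

# Default: run on the constructed sample. Pass --live to audit this host.
if [ "${1:-}" = "--live" ]; then
    netstat -an | audit_listeners
else
    printf '%s\n' "$SAMPLE_NETSTAT" | audit_listeners
fi
```

With `CVS_RSH=ssh` set in the client environment, only the port marked `open` needs a firewall rule for CVS and scp.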

