RE: [leaf-user] tftp and network.conf

2002-06-09 Thread Joey Officer 

I am aware of the point made about the Xserver being unsecure.  However, I
am running the ltsp on a box behind the dachstein router.  Presumably noone
would be able to get to that machine w/o first getting past the router.  I'm
not claiming that I'm completely secure, just that the server in my case
only allows specific ip addresses through, not any kind of range, and not
without first creating an IPSec tunnel.

David, the information in question concerning the x-server, are these
standard ports or what would be a better way of doing this?

Joey


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David Douthitt
Sent: Thursday, June 06, 2002 10:49 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] tftp and network.conf

On Thu, Jun 06, 2002 at 10:03:21PM -0500, guitarlynn wrote:
 On Thursday 06 June 2002 21:28, [EMAIL PROTECTED] wrote:

  EXTERN_UDP_PORTS=ip.ad.dr.es/32_tftp
  EXTERN_PROTO0=69 ip.ad.dr.es/32
 
  I would presumably also need a line for the x-server, but I
  don't know of-hand what it is.. at any rate... does
  something like this work?

 the stated tftp probably won't work, unless the variable is
 matched to a port number. So you will probably need to
 find out what port tftp runs on and substitute it in the line.

Port 69 is tftp; the service name is tftp.

 The same goes for allowing X-servers, vnc, and anything
 else (that should probably been sent through a ssh or
 zebedee encrypted tunnel in my view).

vnc uses ports 5900+display# (for standard VNC), 5800+display#
(for Java VNC client) and perhaps one other.

ssh uses port 22.

X is a special case, and requires special handling.  You can't
just forward it to another location.  ssh has special
handling to forward X connections and can do it well -
and encrypted besides.

X is a well-known security risk; no X server should probably
be on (or available to) the Internet.


___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - 
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] tftp and network.conf

2002-06-08 Thread David Douthitt 

On Thu, Jun 06, 2002 at 10:03:21PM -0500, guitarlynn wrote:
 On Thursday 06 June 2002 21:28, [EMAIL PROTECTED] wrote:
 
  EXTERN_UDP_PORTS=ip.ad.dr.es/32_tftp
  EXTERN_PROTO0=69 ip.ad.dr.es/32
 
  I would presumably also need a line for the x-server, but I
  don't know of-hand what it is.. at any rate... does
  something like this work?
 
 the stated tftp probably won't work, unless the variable is
 matched to a port number. So you will probably need to 
 find out what port tftp runs on and substitute it in the line.

Port 69 is tftp; the service name is tftp.

 The same goes for allowing X-servers, vnc, and anything
 else (that should probably been sent through a ssh or 
 zebedee encrypted tunnel in my view).

vnc uses ports 5900+display# (for standard VNC), 5800+display#
(for Java VNC client) and perhaps one other.

ssh uses port 22.

X is a special case, and requires special handling.  You can't
just forward it to another location.  ssh has special
handling to forward X connections and can do it well -
and encrypted besides.

X is a well-known security risk; no X server should probably
be on (or available to) the Internet.


___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - 
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] tftp and network.conf

2002-06-06 Thread jofficer 

I'm trying to get something working at work, and I need to
be able to allow tftp and ultimately an x-server.

first I assume that I can add a a few lines into the
network.conf similar to the following

EXTERN_UDP_PORTS=ip.ad.dr.es/32_tftp
EXTERN_PROTO0=69 ip.ad.dr.es/32

I would presumably also need a line for the x-server, but I
don't know of-hand what it is.. at any rate... does
something like this work?

joey



___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html