From owner-freebsd-questions@FreeBSD.ORG Thu Jul 12 19:08:58 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 259C31065698 for ; Thu, 12 Jul 2012 19:08:58 +0000 (UTC) (envelope-from peter@vereshagin.org) Received: from mx1.skyriver.ru (ns1.skyriver.ru [89.108.118.221]) by mx1.freebsd.org (Postfix) with ESMTP id CE2918FC1E for ; Thu, 12 Jul 2012 19:08:57 +0000 (UTC) Received: from localhost (bouazizi.torservers.net [74.120.13.132]) by mx1.skyriver.ru (Postfix) with ESMTPSA id 152735B32 for ; Thu, 12 Jul 2012 23:08:52 +0400 (MSK) Date: Thu, 12 Jul 2012 23:08:40 +0400 From: Peter Vereshagin To: freebsd-questions@freebsd.org Message-ID: <20120712190840.GC10822@external.screwed.box> References: <44k3y83nib.fsf@be-well.ilk.org> <20120712174139.GA10822@external.screwed.box> <44bojk3jkv.fsf@be-well.ilk.org> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <44bojk3jkv.fsf@be-well.ilk.org> Organization: ' X-Face: 8T>{1owI$Byj]]a; ^G]kRf*dkq>E-3':F>4ODP[#X4s"dr?^b&2G@'3lukno]A1wvJ_L(~u 6>I2ra/<,j1%@C[LN=>p#_}RIV+#:KTszp-X$bQOj,K Subject: Re: Is there a way to run FreeBSD ports through port 80? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jul 2012 19:08:58 -0000 Hello. 2012/07/12 14:44:48 -0400 Lowell Gilbert => To Peter Vereshagin : LG> Peter Vereshagin writes: LG> LG> > 2012/07/12 13:19:56 -0400 Lowell Gilbert => To Kaya Saman : LG> > LG> URLs as well as FTP. For ones that aren't, (and assuming the rather LG> > LG> silly security policies won't allow for an external web-based FTP proxy) LG> > LG> you may need to bring them in by offline media. LG> > LG> > I believe there should be the way of using the passive ftp (and any other LG> > protocol) via the HTTP CONNECT method to the ftp (or any other port needed for LG> > other protocol/app) port and then handling the both control and data LG> > connections through the consequent copmmands and data exhange. LG> LG> You've just described an FTP proxy. That's already been ruled out. But I thought the squid-like http proxy while serving the FTP URLs is what the ftp proxy is? It's a different matter at least because it's a nothing about HTTP's CONNECT method. Can you point me to a definition of 'ftp proxy' please? Wikipedia and Google have nothing on this. What I described is mentioned as 'http tunneling' in delegate's docs and isn't specific for ftp at all. LG> > Most surprise for me is why no one is interested about what kind of a danger LG> > the ftp protocol can ever be? i. e. skype is much more vicious in comparison to LG> > ftp and s much harder to be restricted by a packet filter if even possoible. LG> LG> Unfortunately, it's common. Often it's a reaction to the idea that FTP LG> is an insecure protocol -- which is true, in a sense, because LG> authentication information is passed in the clear, but irrelevant to LG> anonymous use. This is silly, yes, but it's fairly popular among the LG> types of "IT" people who think that NAT is a security service. Or LG> possibly Nothing But HTTP is allowed through the firewall (which is, at LG> least, a rational response to not knowing much about TCP/IP). Management is always the same on both sides of Earth, right. -- Peter Vereshagin (http://vereshagin.org) pgp: A0E26627