From: Lowell Gilbert
To: Peter Vereshagin, Kaya Saman
Cc: freebsd-questions@freebsd.org
Subject: Re: Is there a way to run FreeBSD ports through port 80?
Date: Thu, 12 Jul 2012 14:44:48 -0400
Message-ID: <44bojk3jkv.fsf@be-well.ilk.org>
In-Reply-To: <20120712174139.GA10822@external.screwed.box> (Peter Vereshagin's message of "Thu, 12 Jul 2012 21:41:40 +0400")
References: <44k3y83nib.fsf@be-well.ilk.org> <20120712174139.GA10822@external.screwed.box>

Peter Vereshagin writes:

> 2012/07/12 13:19:56 -0400 Lowell Gilbert => To Kaya Saman :
> LG> URLs as well as FTP. For ones that aren't, (and assuming the rather
> LG> silly security policies won't allow for an external web-based FTP proxy)
> LG> you may need to bring them in by offline media.
>
> I believe there should be the way of using the passive ftp (and any other
> protocol) via the HTTP CONNECT method to the ftp (or any other port needed for
> other protocol/app) port and then handling the both control and data
> connections through the consequent commands and data exchange.

You've just described an FTP proxy. That's already been ruled out.

> Most surprise for me is why no one is interested about what kind of a danger
> the ftp protocol can ever be? i. e. skype is much more vicious in comparison to
> ftp and is much harder to be restricted by a packet filter if even possible.

Unfortunately, it's common. Often it's a reaction to the idea that FTP
is an insecure protocol -- which is true, in a sense, because
authentication information is passed in the clear, but irrelevant to
anonymous use. This is silly, yes, but it's fairly popular among the
types of "IT" people who think that NAT is a security service.

Or possibly Nothing But HTTP is allowed through the firewall (which is,
at least, a rational response to not knowing much about TCP/IP).

Be well.