Date: Thu, 12 Jul 2012 23:08:40 +0400 From: Peter Vereshagin <peter@vereshagin.org> To: freebsd-questions@freebsd.org Subject: Re: Is there a way to run FreeBSD ports through port 80? Message-ID: <20120712190840.GC10822@external.screwed.box> In-Reply-To: <44bojk3jkv.fsf@be-well.ilk.org> References: <CAPj0R5KJ=0yFcQG5azYfCS73oWLAfJhf4NpAz5Oozo4N-vYQyg@mail.gmail.com> <op.whcd9pee34t2sn@tech304> <CAPj0R5%2Bt4Z-2ZSXNd_%2BvcVxGrdw%2BGi__MUACHdq2PQpX-8NLhg@mail.gmail.com> <44k3y83nib.fsf@be-well.ilk.org> <20120712174139.GA10822@external.screwed.box> <44bojk3jkv.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello. 2012/07/12 14:44:48 -0400 Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> => To Peter Vereshagin : LG> Peter Vereshagin <peter@vereshagin.org> writes: LG> LG> > 2012/07/12 13:19:56 -0400 Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> => To Kaya Saman : LG> > LG> URLs as well as FTP. For ones that aren't, (and assuming the rather LG> > LG> silly security policies won't allow for an external web-based FTP proxy) LG> > LG> you may need to bring them in by offline media. LG> > LG> > I believe there should be the way of using the passive ftp (and any other LG> > protocol) via the HTTP CONNECT method to the ftp (or any other port needed for LG> > other protocol/app) port and then handling the both control and data LG> > connections through the consequent copmmands and data exhange. LG> LG> You've just described an FTP proxy. That's already been ruled out. But I thought the squid-like http proxy while serving the FTP URLs is what the ftp proxy is? It's a different matter at least because it's a nothing about HTTP's CONNECT method. Can you point me to a definition of 'ftp proxy' please? Wikipedia and Google have nothing on this. What I described is mentioned as 'http tunneling' in delegate's docs and isn't specific for ftp at all. LG> > Most surprise for me is why no one is interested about what kind of a danger LG> > the ftp protocol can ever be? i. e. skype is much more vicious in comparison to LG> > ftp and s much harder to be restricted by a packet filter if even possoible. LG> LG> Unfortunately, it's common. Often it's a reaction to the idea that FTP LG> is an insecure protocol -- which is true, in a sense, because LG> authentication information is passed in the clear, but irrelevant to LG> anonymous use. This is silly, yes, but it's fairly popular among the LG> types of "IT" people who think that NAT is a security service. Or LG> possibly Nothing But HTTP is allowed through the firewall (which is, at LG> least, a rational response to not knowing much about TCP/IP). Management is always the same on both sides of Earth, right. -- Peter Vereshagin <peter@vereshagin.org> (http://vereshagin.org) pgp: A0E26627
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120712190840.GC10822>