Date:      Thu, 12 Jul 2012 21:28:54 +0100
From:      Kaya Saman <kayasaman@gmail.com>
To:        kpneal@pobox.com
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: Is there a way to run FreeBSD ports through port 80?
Message-ID:  <4FFF3386.1060109@gmail.com>
In-Reply-To: <20120712191306.GA24943@neutralgood.org>
References:  <CAPj0R5KJ=0yFcQG5azYfCS73oWLAfJhf4NpAz5Oozo4N-vYQyg@mail.gmail.com> <alpine.BSF.2.00.1207121940400.2744@wojtek.tensor.gdynia.pl> <CAPj0R5KsUdM6LsrtvDzSVBScO9k-TFoa=D6O6ghsch0Y-iNx%2BQ@mail.gmail.com> <20120712191306.GA24943@neutralgood.org>

On 07/12/2012 08:13 PM, kpneal@pobox.com wrote:
> On Thu, Jul 12, 2012 at 06:44:56PM +0100, Kaya Saman wrote:
>> I do in fact work for this company and additionally I am one of the
>> administrators of the company.
>>
>> The information comes straight down from the IT director who will
>> **not** change his mind on this as I have asked several times in the
>> past.
>>
>>
>> Basically without getting too distracted and off-topic: I open the
>> ports on the firewall - tomorrow I am not employed anymore
> So called "active" ftp requires having the server open a connection back
> to the client. This will be blocked by a firewall unless the firewall
> has special support for it. I can see having a firewall not allow
> those connections into your network.
>
> With "passive" ftp with or without a proxy all connections are opened from
> your end. No opening up of the firewall is required.  Plus, if you don't
> touch your firewall then attempted use of active ftp will just result in
> a hung network connection.
>
> I believe active ftp was the default and perhaps only option for a number
> of years.
>
> Does your IT director understand the active/passive distinction? If not
> then perhaps you could explain it in a way that acknowledges that his
> concerns have some merit but those concerns are not relevant to passive
> ftp.
>
> Yes, this is very easy for me to suggest since I don't know any of the
> relevant people and my paycheck is not on the line. And my suggestion
> may be worth what you paid for it. ;)
>
Hi,

Of course everything is known but still it is preferred to keep a total
lock-down on outbound ports.

We handle a lot of highly sensitive information and that's the need for 
the severe lock-down. Even the web-proxy is restricted to the sites 
accessible meaning that we need to request access if we need to go 
somewhere not governed by that proxy.


Regards,


Kaya
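
The active/passive distinction discussed in this thread, as an added example that is not part of the original messages: a small Python parser that reads FTP control-channel lines and reports which side opens the data connection. The function names and the sample sessions (documentation addresses) are constructed for illustration.

```python
import re

# Six comma-separated numbers: h1,h2,h3,h4,p1,p2 (RFC 959 host-port encoding).
_HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def decode_hostport(text):
    """Return (ip, port) from an RFC 959 h1,h2,h3,h4,p1,p2 sequence, or None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_connection(line):
    """Classify one control-channel line.

    Returns (mode, initiator, ip, port), or None if the line does not
    negotiate a data connection.
    """
    line = line.strip()
    if line.upper().startswith("PORT "):
        # Client announces its own address: the server connects back (active).
        ep = decode_hostport(line[5:])
        return ("active", "server", *ep) if ep else None
    if line.startswith("227"):
        # Server reply to PASV: the client connects out to the server (passive).
        ep = decode_hostport(line[3:])
        return ("passive", "client", *ep) if ep else None
    return None


def needs_inbound_rule(lines):
    """True if any negotiated data connection is opened from the server side."""
    return any(r and r[1] == "server" for r in map(data_connection, lines))


# Constructed control-channel lines (documentation addresses, not real hosts).
ACTIVE = ["USER anonymous", "PORT 192,0,2,10,195,80", "RETR ports.tar.gz"]
PASSIVE = ["USER anonymous", "PASV",
           "227 Entering Passive Mode (198,51,100,7,234,96)", "RETR ports.tar.gz"]

if __name__ == "__main__":
    for name, session in (("active", ACTIVE), ("passive", PASSIVE)):
        print(name, [r for r in map(data_connection, session) if r],
              "inbound rule needed:", needs_inbound_rule(session))
```

In the passive session the client's outgoing data connection targets the high port chosen by the server (60000 in the sample), so an egress policy that only permits traffic through a web proxy still blocks it even though no inbound rule is involved.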



