Message-ID: <3E5F77B4.4392E9FD@cnrm.meteo.fr>
Date: Fri, 28 Feb 2003 15:52:36 +0100
From: Igor Pokrovsky
Organization: METEO FRANCE(CNRM)
To: "Patrick M. Hausen"
Cc: stable@freebsd.org
Subject: Re: problems with getting through firewall using CVSup
References: <200302281442.h1SEg0RV042490@hugo10.ka.punkt.de>

Patrick M. Hausen wrote:
>
> Hi!
> Sergey Osokin wrote:
>
> > > Is there any way to make it work?
> > > To fool firewall?
> >
> > Yes, looks like a bad/fool/stupid firewall administrivia.
>
> No. This looks exactly like the correct way to implement
> a firewall.
>
> Everything which is not on the "explicitly permitted" list
> is denied by default.
>
> So users trying new and "interesting" protocols and services
> have to check if what they are trying to do is in accordance
> with the security policy first.
>
> I know, there are lots of companies that permit any inside
> initiated TCP connection. I'd call this stupid if not
> explicitly decided upon and documented.

Yes. I agree, maybe this is a good policy. And moreover I think
that they closed port 5999 on firewall because of my activities :-)
Perhaps they thought that I'm trying to do something, which will
break their security. Maybe because port number is not very popular :-)

> And last - maybe they are running a strict application level
> gateway like Gauntlet or Sidewinder? If this is the case the
> admin must define a custom TCP proxy for CVSup, first.

No. Fortunately. But is there any way to do anything without
asking firewall admin to open 5999 port?

--
Igor
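The default-deny policy Patrick describes, as an added example that is not part of the original thread: a sh script that renders an "explicitly permitted" list of inside-initiated TCP connections into ipfw commands, rejects any entry with no documented reason, and ends with a logged deny-all rule. The inside network, interface, CVSup host name and rule numbers are constructed assumptions.

```shell
#!/bin/sh
# Added example: turn a documented egress allowlist into ipfw commands.
# Network, interface, host name and rule numbers are constructed placeholders.

INSIDE_NET="192.0.2.0/24"   # assumed internal network (documentation range)
OUT_IF="em0"                # assumed outside interface

# Constructed allowlist, one entry per line: destination|tcp port|documented reason
ALLOWLIST='any|80|web access, approved in security policy
any|443|web access over TLS, approved in security policy
cvsup.example.org|5999|CVSup source updates, requested and approved'

# render_rules LIST: print ipfw commands for LIST on stdout.
# Returns 1 (callers must discard the partial output) when an entry has
# a non-numeric port or no documented reason.
render_rules() {
    n=1000
    echo "ipfw -q add 100 allow ip from any to any via lo0"
    echo "ipfw -q add 200 check-state"
    while IFS='|' read -r dst port reason; do
        [ -n "$dst" ] || continue                 # skip blank lines
        case $port in
            ''|*[!0-9]*) echo "bad port for $dst: '$port'" >&2; return 1 ;;
        esac
        if [ -z "$reason" ]; then
            echo "undocumented entry: $dst port $port" >&2
            return 1
        fi
        echo "# $reason"
        # Only inside-initiated connections (setup); replies match via keep-state.
        echo "ipfw -q add $n allow tcp from $INSIDE_NET to $dst $port out xmit $OUT_IF setup keep-state"
        n=$((n + 100))
    done <<EOF
$1
EOF
    # Everything not explicitly permitted above is denied and logged.
    echo "ipfw -q add 65000 deny log ip from any to any"
}

render_rules "$ALLOWLIST"
```

The `deny log` rule is what makes an attempt on an unlisted port such as 5999 visible to the administrator before any entry for it exists.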