[. On , January 13, 2003 at 08:50:17 (-0500), cfowler wrote: ]
> Subject: Re: MAXMEMB
>
> I'll give more insight to why I did this. It is almost impossible for
> me to gain access to my consoles over a firewall. You see the the main
> process offers me port 1024 then adds 1 each new connection. I can not
> open up 1024 - 1096 or whatever on my firewall. What we've done is made
> it simple. Now the process only uses 783 and 782 ports and no more.
> This may not be an issue for some but was for us. Maybe this behavior
> is something that can be looked at in 8.0 version. Having 2 possible
> ports are okay but having a N number of possible ports, IMHO are not.
I would suggest that even if you have really secure SSL configuration
integrated into your conserver clients you still really shouldn't be
trying to access conserver through a firewall (normally SSL only
provides privacy, not authentication (and certainly not easy-to-use
authentication), and conserver's own authentication mechanisms are not
really strong enough to use from a really remote client. You should
probably have some secure host on the inside that you can login with SSH
to and then use the console client from there.
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
> Subject: Re: MAXMEMB
>
> I'll give more insight to why I did this. It is almost impossible for
> me to gain access to my consoles over a firewall. You see the the main
> process offers me port 1024 then adds 1 each new connection. I can not
> open up 1024 - 1096 or whatever on my firewall. What we've done is made
> it simple. Now the process only uses 783 and 782 ports and no more.
> This may not be an issue for some but was for us. Maybe this behavior
> is something that can be looked at in 8.0 version. Having 2 possible
> ports are okay but having a N number of possible ports, IMHO are not.
I would suggest that even if you have really secure SSL configuration
integrated into your conserver clients you still really shouldn't be
trying to access conserver through a firewall (normally SSL only
provides privacy, not authentication (and certainly not easy-to-use
authentication), and conserver's own authentication mechanisms are not
really strong enough to use from a really remote client. You should
probably have some secure host on the inside that you can login with SSH
to and then use the console client from there.
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>