[Spread-users] changing topology, security, and firewalls
Clark C. Evans
cce at clarkevans.com
Mon Apr 1 16:41:57 EST 2002
| > Third, I was wondering if communication between segments
| > could be implemented using asymmetric HTTP/HTTPS over port 80/443.
| > connections (no incoming connections of any type).
|
| Clearly you can configure Spread to use whatever ports you like. There's
| no need to use HTTP or HTTPS, since the firewall usually only concerns
| itself with the port number, not the content of the packets.

Sorry to be so ignorant here. Is there more detail as to how
inter-segment connections are handled? Assume that I have three
segments A, B, C, such that the only connections are from A->C and
B->C. In other words, a box in segment A or B can initiate
connections to boxes in segment C but not to each other or reverse.
Is this topology possible? Is there a way to specify that a server
X in segment A should connect to a server Y in segment C which should
forward the message to server Z in segment Y?

For extra bonus points, can this mechanism work with httptunnel or
Kaichuan He's firewall tunnel? Unfortunately, I think HTTP over
port 80 is required since a few firewalls (and the ones that I use)
actively peek into the content to make sure that HTTP is being
used on the port (god knows why).

Best,
Clark