[Spread-users] changing topology, security, and firewalls

Clark C. Evans cce at clarkevans.com
Mon Apr 1 16:41:57 EST 2002

| > Third, I was wondering if communication between segments
| > could be implemented using asymmetric HTTP/HTTPS over port 80/443.
| > connections (no incoming connections of any type).
| Clearly you can configure Spread to use whatever ports you like. There's
| no need to use HTTP or HTTPS, since the firewall usually only concerns
| itself with the port number, not the content of the packets.

Sorry to be so ignorant here.  Is there more detail as to how
inter-segment connections are handled?  Assume that I have three
segments A, B, C, such that the only connections are from A->C and
B->C.  In other words, a box in segment A or B can initiate
connections to boxes in segment C but not to each other or reverse.
Is this topology possible? Is there a way to specify that a server 
X in segment A should connect to a server Y in segment C which should
forward the message to server Z in segment Y?

For extra bonus points, can this mechanism work with httptunnel or
Kaichuan He's firewall tunnel?  Unfortunately, I think HTTP over
port 80 is required since a few firewalls (and the ones that I use)
actively peek into the content to make sure that HTTP is being
used on the port (god knows why).



