[Spread-users] changing topology, security, and firewalls
Ben Laurie
ben at algroup.co.uk
Tue Apr 2 09:21:35 EST 2002
"Clark C . Evans" wrote:
>
> | > Third, I was wondering if communication between segments
> | > could be implemented using asymmetric HTTP/HTTPS over port 80/443.
> | > connections (no incoming connections of any type).
> |
> | Clearly you can configure Spread to use whatever ports you like. There's
> | no need to use HTTP or HTTPS, since the firewall usually only concerns
> | itself with the port number, not the content of the packets.
>
> Sorry to be so ignorant here. Is there more detail as to how
> inter-segment connections are handled? Assume that I have three
> segments A, B, C, such that the only connections are from A->C and
> B->C. In other words, a box in segment A or B can initiate
> connections to boxes in segment C but not to each other or reverse.
> Is this topology possible? Is there a way to specify that a server
> X in segment A should connect to a server Y in segment C which should
> forward the message to server Z in segmnet Y.
>
> For extra bonus points, can this mechanism work with httptunnel or
> Kaichuan He's firewall tunnel? Unfortunately, I think HTTP over
> port 80 is required since a few firewalls (and the ones that I use)
> actively peek into the content to make sure that HTTP is being
> used on the port (god knows why).
Then use 443, which can't be peeked.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
More information about the Spread-users
mailing list