[Spread-users] changing topology, security, and firewalls

Ben Laurie ben at algroup.co.uk
Tue Apr 2 09:21:35 EST 2002


"Clark C . Evans" wrote:
> 
> | > Third, I was wondering if communication between segments
> | > could be implemented using asymmetric HTTP/HTTPS over port 80/443.
> | > connections (no incoming connections of any type).
> |
> | Clearly you can configure Spread to use whatever ports you like. There's
> | no need to use HTTP or HTTPS, since the firewall usually only concerns
> | itself with the port number, not the content of the packets.
> 
> Sorry to be so ignorant here.  Is there more detail as to how
> inter-segment connections are handled?  Assume that I have three
> segments A, B, C, such that the only connections are from A->C and
> B->C.  In other words, a box in segment A or B can initiate
> connections to boxes in segment C but not to each other or reverse.
> Is this topology possible? Is there a way to specify that a server
> X in segment A should connect to a server Y in segment C which should
> forward the message to server Z in segment Y?
> 
> For extra bonus points, can this mechanism work with httptunnel or
> Kaichuan He's firewall tunnel?  Unfortunately, I think HTTP over
> port 80 is required since a few firewalls (and the ones that I use)
> actively peek into the content to make sure that HTTP is being
> used on the port (god knows why).

Then use 443, which can't be peeked.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




