[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CVS behind a firewall.
From: |
Gianni Mariani |
Subject: |
RE: CVS behind a firewall. |
Date: |
Sat, 13 Oct 2001 15:53:56 -0700 |
Which incoming ports do you restrict ?
You should probably restrict 0-1023,5990-6009,2401(:)),5432 (and a few
others).
If you restrict them all then no packets can come through unless you set up
a
specific 2401 tcp proxy server.
My strong suggestion is to ask a different mailing list, you'll probably get
a better answer.
If you're desperate, I can give you an ipchains (need a Linux 2.2 kernel
afaik) script that I use and works fine for me. There are a whole bunch of
ip firewall scripts on freshmeat. Try one of those.
G
-----Original Message-----
From: address@hidden [mailto:address@hidden Behalf Of
William Burrow
Sent: Saturday, October 13, 2001 3:06 PM
To: address@hidden; address@hidden
Subject: Re: CVS behind a firewall.
What understanding did you gain? I have the same problem, but do not
restrict ANY outgoing ports.
In gnu.cvs.help, you wrote:
>Thanks Larry.
>You've solved my problem and improved my basic understanding ( and that of
>my network administrator too !!).
>
>
>
>----- Original Message -----
>From: "Larry Jones" <address@hidden>
>To: "Tarun Garg" <address@hidden>
>Cc: <address@hidden>
>Sent: Saturday, October 13, 2001 10:36 PM
>Subject: Re: CVS behind a firewall.
>
>
>> Tarun Garg writes:
>> >
>> > Does the cvs client randomly pick up ports at the client end ( in case
>of
>> > pserver)?
>>
>> Yes. That's the way essentially *all* TCP/IP clients work -- only the
>> server uses a well-known port.
>>
>> > Can I specify the port to be used at the client side ?
>>
>> No.
>>
>> > Or is there something wrong with our firewalling ( or proxy) software?
>>
>> No.
>>
>> > Is there something wrong with my understanding/expectation ?
>>
>> Yours or your firewall administrator's. You need need to configure the
>> firewall to allow outgoing connections from any (non-reserved) port to
>> port 2401. The rule should look almost exactly like the rule for telnet
>> except for the different well-known port number.
>>
>> -Larry Jones
>>
>> The surgeon general should issue a warning about playing with girls. --
>Calvin
>>
>
>
--
--
William Burrow -- New Brunswick, Canada o
Copyright 2001 William Burrow ~ /\
~ ()>()
_______________________________________________
Info-cvs mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/info-cvs