Is there a way to run FreeBSD ports through port 80?
kayasaman at gmail.com
Thu Jul 12 20:28:54 UTC 2012
On 07/12/2012 08:13 PM, kpneal at pobox.com wrote:
> On Thu, Jul 12, 2012 at 06:44:56PM +0100, Kaya Saman wrote:
>> I do infact work for this company and additionally I am one of the
>> administrators of the company.
>> The information comes straight down from the IT director who will
>> **not** change his mind on this as I have asked several times in the
>> Basically without getting too distracted and off-topic: I open the
>> ports on the firewall - tomorrow I am not employed anymore
> So called "active" ftp requires having the server open a connection back
> to the client. This will be blocked by a firewall unless the firewall
> has special support for it. I can see having a firewall not allow
> those connections into your network.
> With "passive" ftp with or without a proxy all connections are opened from
> your end. No opening up of the firewall is required. Plus, if you don't
> touch your filewall then attempted use of active ftp will just result in
> a hung network connection.
> I believe active ftp was the default and perhaps only option for a number
> of years.
> Does your IT director understand the active/passive distinction? If not
> then perhaps you could explain it in a way that acknowledges that his
> concerns have some merit but those concerns are not relevant to passive
> Yes, this is very easy for me to suggest since I don't know any of the
> relevant people and my paycheck is not on the line. And my suggestion
> may be worth what you paid for it. ;)
of course everything is known but still it is preferred to keep a total
lock-down on outbound ports.
We handle a lot of highly sensitive information and that's the need for
the severe lock-down. Even the web-proxy is restricted to the sites
accessible meaning that we need to request access if we need to go
somewhere not governed by that proxy.
More information about the freebsd-questions