savannah-hackers

Re: [Savannah-help-public] Firewalls


From: Sylvain Beucler
Subject: Re: [Savannah-help-public] Firewalls
Date: Wed, 16 Mar 2005 01:16:05 +0100
User-agent: Mutt/1.4.2.1i

Hello sysadmins,

On Sat, Mar 12, 2005 at 05:15:59PM -0500, Richard Stallman wrote:
>     The person replied that would not help, because apparently the problem
>     is not so much the firewall, but rather the use of a proxy to access
>     the WWW.
> 
> It's true that this would not help with a proxy.  But I think it would
> help in Syria, where the ISPs simply don't allow SSH.

In order to allow people behind web-only proxies or fascist firewalls
to access CVS, a solution is to bind our CVS+SSH daemon on a new IP on
port 443 (https). It requires a free public IP on the GNU network.

Michael J. Flickinger suggested another solution that involves Tor
(tor.eff.org); it does not work for people behind web-only proxies
right now, but theoretically it could. Using Tor doesn't require any
change at Savannah, although it implies a performance hit for the
client.


Do we have free public IP addresses on the GNU network?  We will
certainly need other free IPs when installing new version control
systems at Savannah, such as Arch or SVN, or if there are few public
IP addresses left, we have to consider this choice carefully.


RMS: I apologize for what I wrote, it appears to be wrong. It is
possible to bypass a proxy that allows https - since the proxy won't be
able to determine whether the client is using https or ssh when
connecting to remote port 443, and since https proxying has to be
basically a simple port forwarding.

Anyway, I strongly suggest accompanying any documentation about this
with a warning telling users to get their admins to change the
situation. We might write a webpage explaining the problem to such
admins.

-- 
Sylvain
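
Added example, not part of the original message and not Savannah code: the message describes HTTPS proxying as simple port forwarding, where the proxy does not look at what the tunnel carries. An admin who wants to see what CONNECT tunnels to port 443 actually contain can classify the first client bytes, since SSH opens with an "SSH-" identification string (RFC 4253) and TLS with a handshake record. Function names, hostnames and sample bytes are constructed for illustration.

```python
SSH_PREFIX = b"SSH-"      # RFC 4253 identification string, e.g. "SSH-2.0-..."
TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
TLS_MAJOR = 0x03          # record-layer major version (SSLv3 through TLS 1.3)
TLS_CLIENT_HELLO = 0x01   # handshake message type, at offset 5 of the stream


def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'tls', 'incomplete' or 'other' for the first
    client-to-server bytes seen inside a tunnel."""
    if data.startswith(SSH_PREFIX):
        return "ssh"
    if len(data) < len(SSH_PREFIX) and SSH_PREFIX.startswith(data):
        return "incomplete"          # empty or partial "SSH-": wait for more
    if data[0] == TLS_HANDSHAKE:
        if len(data) >= 2 and data[1] != TLS_MAJOR:
            return "other"
        if len(data) < 6:
            return "incomplete"      # record header not fully received yet
        if data[2] <= 0x04 and data[5] == TLS_CLIENT_HELLO:
            return "tls"
    return "other"


# Constructed sample: (CONNECT destination, first bytes sent by the client)
SAMPLES = [
    ("cvs.example.org:443", b"SSH-2.0-OpenSSH_3.9p1\r\n"),
    ("www.example.org:443", bytes.fromhex("160301006a0100006603")),
    ("www.example.org:443", b"\x16\x03"),
    ("www.example.org:443", b"GET / HTTP/1.1\r\n"),
]


def non_tls_tunnels(samples):
    """Return (destination, verdict) for tunnels whose first bytes are
    conclusively something other than a TLS ClientHello."""
    flagged = []
    for dst, data in samples:
        verdict = classify_first_bytes(data)
        if verdict not in ("tls", "incomplete"):
            flagged.append((dst, verdict))
    return flagged


if __name__ == "__main__":
    for dst, verdict in non_tls_tunnels(SAMPLES):
        print(f"{dst}: tunnel carries {verdict}, not TLS")
```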
