info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVS behind a firewall.


From: Gianni Mariani
Subject: RE: CVS behind a firewall.
Date: Sat, 13 Oct 2001 15:53:56 -0700

Which incoming ports do you restrict ?

You should probably restrict 0-1023,5990-6009,2401(:)),5432 (and a few
others).
If you restrict them all then no packets can come through unless you set up
a
specific 2401 tcp proxy server.

My strong suggestion is to ask a different mailing list, you'll probably get
a better answer.

If you're desperate, I can give you an ipchains (need a Linux 2.2 kernel
afaik) script that I use and works fine for me.  There are a whole bunch of
ip firewall scripts on freshmeat.  Try one of those.

G

-----Original Message-----
From: address@hidden [mailto:address@hidden Behalf Of
William Burrow
Sent: Saturday, October 13, 2001 3:06 PM
To: address@hidden; address@hidden
Subject: Re: CVS behind a firewall.


What understanding did you gain?  I have the same problem, but do not
restrict ANY outgoing ports.


In gnu.cvs.help, you wrote:
>Thanks Larry.
>You've solved my problem and improved my basic understanding ( and that of
>my network administrator too !!).
>
>
>
>----- Original Message -----
>From: "Larry Jones" <address@hidden>
>To: "Tarun Garg" <address@hidden>
>Cc: <address@hidden>
>Sent: Saturday, October 13, 2001 10:36 PM
>Subject: Re: CVS behind a firewall.
>
>
>> Tarun Garg writes:
>> >
>> > Does the cvs client randomly pick up ports at the client end ( in case
>of
>> > pserver)?
>>
>> Yes.  That's the way essentially *all* TCP/IP clients work -- only the
>> server uses a well-known port.
>>
>> > Can I specify the port to be used at the client side ?
>>
>> No.
>>
>> > Or is there something wrong with our firewalling ( or proxy) software?
>>
>> No.
>>
>> > Is there something wrong with my understanding/expectation ?
>>
>> Yours or your firewall administrator's.  You need need to configure the
>> firewall to allow outgoing connections from any (non-reserved) port to
>> port 2401.  The rule should look almost exactly like the rule for telnet
>> except for the different well-known port number.
>>
>> -Larry Jones
>>
>> The surgeon general should issue a warning about playing with girls. --
>Calvin
>>
>
>


--
--
William Burrow  --  New Brunswick, Canada             o
Copyright 2001 William Burrow                     ~  /\
                                                ~  ()>()

_______________________________________________
Info-cvs mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/info-cvs




reply via email to

[Prev in Thread] Current Thread [Next in Thread]