[AG-TECH] AG behind firewall
Andrew Shewmaker
shewa at inel.gov
Mon Dec 23 11:56:34 CST 2002
I am behind a restrictive firewall and the company policy is to not
allow any inbound ports to be fully open. They won't even open
ports temporarily. They have told me that if I initiate a connection
from the inside, then the firewall will allow packets responding to
mine through. Of course the AG software sends data back on additional
ports so it doesn't work (we've got a heartbeat). We are going to start
the paperwork to get our machines outside of the company firewall, but I
had a couple of questions.

Does anybody else have a network policy as restrictive as ours? More so?

Would it be reasonable to modify the software to initiate the new
connections from within the firewall? Maybe just a modification of the
QuickBridge?

Is there a tool that I could use to manually initiate connections over
specified ports so that the firewall knows to allow the responses
through?

Thanks for any help,

Andrew

On Tue, 17 Dec 2002 16:37:52 -0700
Andrew Shewmaker <shewa at inel.gov> wrote:
> If I wanted to set up the more permanent solution, would I configure a multicast
> tunnel route using mrouted[1] or another tool like broadway[2] or smcroute[3]?
> Is this a separate machine like for the quickbridge or must the firewall
> itself redistribute multicast through its own GRE tunnel?
>
> I've read the QuickBridge howto, the Linux kernel docs, the Multicast howto[4],
> but it is still unclear to me. I would appreciate it if someone could point me
> to some more documentation or explain it to me.
>
> Thanks,
>
> Andrew
>
> 1. ftp://limestone.uoregon.edu/pub/multicast/mice/mrouted/
> 2. http://www.multicasttech.com/?main=/broadway/index2002.shtml
> 3. http://www.cschill.de/smcroute/
> 4. http://www.linuxdocs.org/HOWTOs/Multicast-HOWTO.html
--
Andrew Shewmaker
Associate Engineer
Phone: 208.526.1415
Fax: 208.526.4017
Idaho National Engineering and Environmental Laboratory
2525 Fremont Ave.
Idaho Falls, ID 83415-3605