[AG-TECH] AG behind firewall

Andrew Shewmaker shewa at inel.gov
Mon Dec 23 11:56:34 CST 2002


I am behind a restrictive firewall and the company policy is to not 
allow any inbound ports to be fully open.  They won't even open 
ports temporarily.  They have told me that if I initiate a connection 
from the inside, then the firewall will allow packets responding to 
mine through.  Of course the AG software sends data back on additional 
ports so it doesn't work (we've got a heartbeat).  We are going to start 
the paperwork to get our machines outside of the company firewall, but I 
had a couple of questions.

Does anybody else have a network policy as restrictive as ours?  More so?

Would it be reasonable to modify the software to initiate the new 
connections from within the firewall?  Maybe just a modification of the 
QuickBridge?

Is there a tool that I could use to manually initiate connections over 
specified ports so that the firewall knows to allow the responses 
through?

Thanks for any help,

Andrew

On Tue, 17 Dec 2002 16:37:52 -0700
Andrew Shewmaker <shewa at inel.gov> wrote:

> If I wanted to set up the more permanent solution, would I configure a multicast 
> tunnel route using mrouted[1] or another tool like broadway[2] or smcroute[3]?  
> Is this a separate machine like for the quickbridge or must the firewall 
> itself redistribute multicast through its own GRE tunnel?
> 
> I've read the QuickBridge howto, the Linux kernel docs, the Multicast howto[4], 
> but it is still unclear to me.  I would appreciate it if someone could point me 
> to some more documentation or explain it to me.
> 
> Thanks,
> 
> Andrew
> 
> 1. ftp://limestone.uoregon.edu/pub/multicast/mice/mrouted/
> 2. http://www.multicasttech.com/?main=/broadway/index2002.shtml
> 3. http://www.cschill.de/smcroute/
> 4. http://www.linuxdocs.org/HOWTOs/Multicast-HOWTO.html

-- 
Andrew Shewmaker
Associate Engineer
Phone:  208.526.1415
Fax:  208.526.4017

Idaho National Engineering and Environmental Laboratory
2525 Fremont Ave.
Idaho Falls, ID 83415-3605
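
The firewall behaviour described in the message above, as an added example that is not part of the original post: a toy model of stateful connection tracking, showing why replies on the initiating flow pass while data sent back on additional ports is dropped until the inside host sends first on that port pair. The addresses, ports and the 30-second idle timeout are constructed assumptions, not values from the AG software or from any real firewall.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class StatefulFirewall:
    """Toy model: inbound is forwarded only as a reply to tracked outbound traffic."""
    inside_prefix: str
    idle_timeout: float = 30.0                 # assumed value; real devices vary
    state: dict = field(default_factory=dict)  # flow tuple -> last-seen time

    def handle(self, pkt: Packet, now: float) -> bool:
        """Return True if the packet is forwarded, False if it is dropped."""
        if pkt.src.startswith(self.inside_prefix):
            # Outbound: allowed, and it creates or refreshes the flow entry.
            self.state[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return True
        # Inbound: must mirror an unexpired outbound flow exactly.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        seen = self.state.get(key)
        if seen is None or now - seen > self.idle_timeout:
            self.state.pop(key, None)
            return False
        self.state[key] = now
        return True


def demo():
    fw = StatefulFirewall(inside_prefix="10.0.0.")
    node, bridge = "10.0.0.5", "192.0.2.10"    # constructed addresses
    return [
        fw.handle(Packet("udp", node, 40000, bridge, 9000), 0),    # inside initiates
        fw.handle(Packet("udp", bridge, 9000, node, 40000), 1),    # reply on same flow
        fw.handle(Packet("udp", bridge, 9002, node, 40002), 2),    # additional port, unsolicited
        fw.handle(Packet("udp", node, 40002, bridge, 9002), 3),    # inside sends first on that pair
        fw.handle(Packet("udp", bridge, 9002, node, 40002), 4),    # now treated as a reply
        fw.handle(Packet("udp", bridge, 9002, node, 40002), 60),   # flow idle past the timeout
    ]


if __name__ == "__main__":
    print(demo())
```

The last case shows why a flow opened from the inside has to be refreshed periodically: once the entry ages out, inbound data on that port pair is dropped again.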


