
Subject: Re: what port number to use?
From: Kambiz Aghaiepour <kambiz,AT,redhat,DOT,com>
Date: Thu, 9 Aug 2001 16:05:15 +0200
In-reply-to: <Pine.SOL.4.10.10108082118500.28873-100000@masto.uku.fi>

Karl Kleinpaste wrote:
> 
> For the NAT'ing firewall case, if _one_ endpoint is NAT'd and the
> other is not, then the non-NAT endpoint can be set up with address
> 0.0.0.0 and port 0 for the mate's address, and the NAT endpoint can
> then be responsible for establishing the connection to the non-NAT
> endpoint.

Actually, I don't think this would work because CIPE is UDP-based. So if the
NAT endpoint establishes the connection to the non-NAT, the non-NAT will try
to respond with UDP traffic destined to the NATting firewall, which drops the
packet.

But I agree with you in that, if a routable IP address is behind a firewall,
and that firewall is incorrectly set up such that it allows arbitrary UDP
connections for certain protocols (e.g. bind, ntp), then it is possible to
break through the firewall.  Of course, it is almost trivial to create tunnels
through almost any firewall if the policy permits outbound connections such as
ssh.  But again, as was pointed out earlier, this would rightfully be a
fireable offense.

Kambiz

-- 
\o__O  o       Kambiz Aghaiepour     -       Red Hat, Inc.       o   o
  \_  /|\  Sr. System Administrator  |\|  (919) 547-0012 x251   //\ //\
   |\  |\ -=-=-=-=-=-=-=-=-=-=-=-=-  | | -=-=-=-=-=-=-=-=-=-=-   //  //
  / /  |/  mailto:kambiz,AT,redhat,DOT,com    | http://www.redhat.com   |\  ||