That's correct... although I suspect that some application layer filtering
is also being conducted. Again though, I do have a pretty good IP filtering
ruleset. If it aint' coming from the USA, then the packets find their way to
the bit bucket.
W!ll
-----Original Message-----
From: Joe Matuscak [mailto:matuscak@...]
Sent: Friday, August 15, 2003 5:18 PM
To: William Nett
Subject: RE: [IPCop-user] ssh only from GREEN; is it possible?
On Fri, 15 Aug 2003, William Nett wrote:
> I hope they make port 81's removal an option and not mandatory. My
company's
> corporate firewall does not allow port 445 to be used, but they do allow
81.
> I've got a pretty good ruleset applied to prevent non-admins from
accessing
> the web-interface.
I assume that the issue is the port you're connecting to, not the idea that
81 is unencrypted and 445 is encrypted, right?
If that's the case, I think it reinforces the idea that the port ought to
be configurable. I suppose I should put something in the FAQ to document
what needs to change to move the port around.
> -----Original Message-----
> From: ipcop-user-admin@...
> [mailto:ipcop-user-admin@... Behalf Of Joe Matuscak
> Sent: Wednesday, August 13, 2003 7:32 PM
> To: ipcop-user@...
> Subject: Re: [IPCop-user] ssh only from GREEN; is it possible?
>
>
> On Wed, 13 Aug 2003, Darren Critchley wrote:
>
> > 81 is on it's way out - myself and others had asked Mark about that -
you
> > will note that the last alpha(possibly the last couple) has port 81
> > redirected to 445. I suspect by 1.4 that port 81 will be gone
altogether.
>
> Thats a fine thing.
>
> BTW, I'd argue that the ports for the web server and ssh really ought to
> be configurable from the GUI. I've recently set up an IPcop at my kids
> school and I've configured it to allow me to remotely administer it (SSH
> and https open to my static IPs). Along comes the blaster MS worm de jour
> which among other ports hits 445. Their ISP starts to filter 445. I still
> had ssh access so I could get in and manually change the port in
> httpd.conf and the external access buy editing xtacccess, but thats not a
> very user friendly way to do it.
>
>
> Joe Matuscak
> Rohrer Corporation
> 717 Seville Road
> Wadsworth, Ohio 44281
> (330)335-1541
> matuscak@...
>
>
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> Data Reports, E-commerce, Portals, and Forums are available now.
> Download today and enter to win an XBOX or Visual Studio .NET.
>
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
> _______________________________________________
> IPCop-user mailing list
> IPCop-user@...
> https://lists.sourceforge.net/lists/listinfo/ipcop-user
>
Joe Matuscak
Rohrer Corporation
717 Seville Road
Wadsworth, Ohio 44281
(330)335-1541
matuscak@...
|