RE: [Quickfix-developers] Restricting acceptor to specific IP address(es)
Brought to you by:
orenmnero
Menu
▾
▴
RE: [Quickfix-developers] Restricting acceptor to specific IP address(es)
|
From: Ajay K. <Aja...@tr...> - 2006-05-17 19:23:15
|
A) The last time I checked, QuickFIX allowed only one Acceptor port for all the Sessions configured to run within one QuickFIX instance.=20 B) Say I have sessions S1 through S10 defined within the config file with ConnectionType=3Dacceptor. All counter parties will have to connect to the single acceptor port in (A) C) The allowed IP addresses for S1-S10 are respectively IP1 through IP10 (i.e. IP1 can logon only to S1 but not to S2-S9, IP2 only to S2 but not to S1,S3-S9, etc.) Given the above scenario, I am afraid I don't get how the local firewall process would know enough to accept a socket connection from IP1 only if FIX session that would get established (as determined by the SessionID composed of BeginString,SenderCompID,TargetCompID) is S1 but not accept the connection if IP1 is erroneously trying to establish sessions S2-S9. For that match to be made correctly, the FIX engine actually has to also match the IP address of the socket peer with the allowed IP addresses for the Session before considering the FIX Session to have been successfully established. - Ajay -----Original Message----- From: Caleb Epstein [mailto:cal...@gm...]=20 Sent: Wednesday, May 17, 2006 2:48 PM To: Ajay Kamdar Cc: Oren Miller; Zoran Cetusic; qui...@li... Subject: Re: [Quickfix-developers] Restricting acceptor to specific IP address(es) On 5/17/06, Ajay Kamdar <Aja...@tr...> wrote: > - The local firewall process would need to be understand the concept=20 > of FIX sessions Why? Just restrict access to the port(s) your Acceptor is running on to the IPs you want to allow. --=20 Caleb Epstein caleb dot epstein at gmail dot com -------------------------------------------------------------------------= -- The information in this email is confidential and may be legally = privileged. It is intended solely for the addressee. Access to this email by anyone = else is unauthorized. If you are not the intended recipient, any disclosure, = copying, distribution or any action taken or omitted to be taken in reliance on = it, is prohibited and may be unlawful. TradeWeb reserves the right to monitor and review the content of all = messages sent to or from this e-mail address. Messages sent to or from this e-mail = address may be stored on the TradeWeb e-mail system. |
