Re: [Quickfix-developers] Restricting acceptor to specific IP address(es)
Brought to you by:
orenmnero
Menu
▾
▴
Re: [Quickfix-developers] Restricting acceptor to specific IP address(es)
|
From: Oren M. <or...@qu...> - 2006-05-17 19:38:51
|
The single port restriction is no longer true with the latest CVS =20 source. You can now assign the acceptor port on a per session basis. --oren On May 17, 2006, at 2:22 PM, Ajay Kamdar wrote: > QuickFIX Documentation: http://www.quickfixengine.org/quickfix/doc/=20 > html/index.html > QuickFIX Support: http://www.quickfixengine.org/services.html > > A) The last time I checked, QuickFIX allowed only one Acceptor port =20= > for > all the Sessions configured to run within one QuickFIX instance. > B) Say I have sessions S1 through S10 defined within the config file > with ConnectionType=3Dacceptor. All counter parties will have to = connect > to the single acceptor port in (A) > C) The allowed IP addresses for S1-S10 are respectively IP1 through =20= > IP10 > (i.e. IP1 can logon only to S1 but not to S2-S9, IP2 only to S2 but =20= > not > to S1,S3-S9, etc.) > > Given the above scenario, I am afraid I don't get how the local =20 > firewall > process would know enough to accept a socket connection from IP1 =20 > only if > FIX session that would get established (as determined by the SessionID > composed of BeginString,SenderCompID,TargetCompID) is S1 but not =20 > accept > the connection if IP1 is erroneously trying to establish sessions =20 > S2-S9. > For that match to be made correctly, the FIX engine actually has to =20= > also > match the IP address of the socket peer with the allowed IP addresses > for the Session before considering the FIX Session to have been > successfully established. > > - Ajay > > -----Original Message----- > From: Caleb Epstein [mailto:cal...@gm...] > Sent: Wednesday, May 17, 2006 2:48 PM > To: Ajay Kamdar > Cc: Oren Miller; Zoran Cetusic; > qui...@li... > Subject: Re: [Quickfix-developers] Restricting acceptor to specific IP > address(es) > > > On 5/17/06, Ajay Kamdar <Aja...@tr...> wrote: > >> - The local firewall process would need to be understand the concept >> of FIX sessions > > Why? Just restrict access to the port(s) your Acceptor is running =20 > on to > the IPs you want to allow. > > --=20 > Caleb Epstein > caleb dot epstein at gmail dot com > > ----------------------------------------------------------------------=20= > ----- > > The information in this email is confidential and may be legally =20 > privileged. > It is intended solely for the addressee. Access to this email by =20 > anyone else > is unauthorized. If you are not the intended recipient, any =20 > disclosure, copying, > distribution or any action taken or omitted to be taken in reliance =20= > on it, is > prohibited and may be unlawful. > > TradeWeb reserves the right to monitor and review the content of =20 > all messages sent > to or from this e-mail address. Messages sent to or from this e-=20 > mail address may > be stored on the TradeWeb e-mail system. > > > > ------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, =20 > security? > Get stuff done quickly with pre-integrated technology to make your =20 > job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache =20 > Geronimo > http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=120709&bid&3057&dat=121642= > _______________________________________________ > Quickfix-developers mailing list > Qui...@li... > https://lists.sourceforge.net/lists/listinfo/quickfix-developers > |
