[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVS behind a firewall.

From: Gianni Mariani
Subject: RE: CVS behind a firewall.
Date: Sat, 13 Oct 2001 15:53:56 -0700

Which incoming ports do you restrict ?

You should probably restrict 0-1023,5990-6009,2401(:)),5432 (and a few
If you restrict them all then no packets can come through unless you set up
specific 2401 tcp proxy server.

My strong suggestion is to ask a different mailing list, you'll probably get
a better answer.

If you're desperate, I can give you an ipchains (need a Linux 2.2 kernel
afaik) script that I use and works fine for me.  There are a whole bunch of
ip firewall scripts on freshmeat.  Try one of those.


-----Original Message-----
From: address@hidden [mailto:address@hidden Behalf Of
William Burrow
Sent: Saturday, October 13, 2001 3:06 PM
To: address@hidden; address@hidden
Subject: Re: CVS behind a firewall.

What understanding did you gain?  I have the same problem, but do not
restrict ANY outgoing ports.

In, you wrote:
>Thanks Larry.
>You've solved my problem and improved my basic understanding ( and that of
>my network administrator too !!).
>----- Original Message -----
>From: "Larry Jones" <address@hidden>
>To: "Tarun Garg" <address@hidden>
>Cc: <address@hidden>
>Sent: Saturday, October 13, 2001 10:36 PM
>Subject: Re: CVS behind a firewall.
>> Tarun Garg writes:
>> >
>> > Does the cvs client randomly pick up ports at the client end ( in case
>> > pserver)?
>> Yes.  That's the way essentially *all* TCP/IP clients work -- only the
>> server uses a well-known port.
>> > Can I specify the port to be used at the client side ?
>> No.
>> > Or is there something wrong with our firewalling ( or proxy) software?
>> No.
>> > Is there something wrong with my understanding/expectation ?
>> Yours or your firewall administrator's.  You need need to configure the
>> firewall to allow outgoing connections from any (non-reserved) port to
>> port 2401.  The rule should look almost exactly like the rule for telnet
>> except for the different well-known port number.
>> -Larry Jones
>> The surgeon general should issue a warning about playing with girls. --

William Burrow  --  New Brunswick, Canada             o
Copyright 2001 William Burrow                     ~  /\
                                                ~  ()>()

Info-cvs mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]