Re: OK, Now I see what the firewall issues are with Cfengine in our envi
From: Jamie Wilkinson
Subject: Re: OK, Now I see what the firewall issues are with Cfengine in our environment
Date: Fri, 25 Jun 2004 11:10:15 +1000
User-agent: Mutt/1.5.6+20040523i

This one time, at band camp, Mark.Burgess@iu.hio.no wrote:
>I don't know if it is possible to fix the sender port in a tcp
>connection.
FWIW, it is possible to use a specific source port (BIND does so when
given the query-source parameter) though I agree that it is unnecessary:
the majority of client applications that I know of always leave it to
the operating system to choose an unprivileged source port.

If you do specify the source port in the client, then I see two options:

a) specify an unprivileged port and have extra code to cope when another
application is currently using that (wait for it to become available?
abort and print a message? try another port (thus defeating the purpose
of using a specific port in the first place)? what if the application
that has this port open is a long running process?)

b) use a privileged port, say 5308 as it's already cfengine's number,
and don't run cfservd on the same interface as cfagent.

--
jaq@spacepants.org http://spacepants.org/jaq.gpg
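
The fixed-source-port approach discussed in this message, as an added example that is not part of the original message or of cfengine: a client calls `bind()` before `connect()` to pin the source port, and has to decide what to do when the port is already in use. The function name `connect_from_port` and its parameters are hypothetical, and the loopback listener in the demo is constructed.

```python
import errno
import socket


def connect_from_port(dest, src_port, src_addr="", fallback=False):
    """Connect to dest with a fixed TCP source port.

    Returns (socket, source_port_used). If src_port is taken, raise
    OSError(EADDRINUSE), or with fallback=True let the OS pick a port.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        try:
            # bind() before connect() is what pins the source port.
            sock.bind((src_addr, src_port))
        except OSError as exc:
            if exc.errno != errno.EADDRINUSE or not fallback:
                raise
            # Falling back gives up the fixed port, so a firewall rule
            # keyed on src_port will not match this connection.
            sock.bind((src_addr, 0))
        sock.connect(dest)
    except OSError:
        sock.close()
        raise
    return sock, sock.getsockname()[1]


if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for the server.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    # A second socket plays the other application holding the port.
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("127.0.0.1", 0))
    busy = holder.getsockname()[1]
    try:
        connect_from_port(srv.getsockname(), busy, "127.0.0.1")
    except OSError as exc:
        print("fixed port busy:", errno.errorcode[exc.errno])
    sock, used = connect_from_port(srv.getsockname(), busy, "127.0.0.1",
                                   fallback=True)
    print("fell back to source port", used)
```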