Re: How can I make the server to call back to client without being blocked by firewall.
From: David Schwartz (davids@webmaster.com)Date: 09/30/02
- Next message: Martin Nyfeler: "Blocking outgoing ports behind IPCOP"
- Previous message: Bernie M: "Re: How can I make the server to call back to client without being blocked by firewall."
- In reply to: Bernie M: "Re: How can I make the server to call back to client without being blocked by firewall."
- Next in thread: jeff Lee: "Re: How can I make the server to call back to client without being blocked by firewall."
- Reply: jeff Lee: "Re: How can I make the server to call back to client without being blocked by firewall."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: David Schwartz <davids@webmaster.com> Date: Mon, 30 Sep 2002 03:18:45 -0700
Bernie M wrote:
> > Our application will have thousands of clients, and any one of them can
> > make
> > connection to any one of others via our server. Therefore, our server has
> > to somehow do a call back to tell the called client that somebody is
> > trying
> > to
> > reach him. I am sure we will hit fire wall when our server tries to open a
> > connection
> > to the client.
> >
> > We don't want to slack the client's fire wall at all, so I am thinking
> > an always on TCP connections from the clients to our server may solve the
> > problem.
> > Anyway all the clients have to log in before they can make a call or be
> > called.
> >
> > Do you think this will work?
All you have to do to make an application firewall friendly is the
following:
1) If you prefer to use UDP, offer an option to fallback to TCP as
well.
2) Make sure any client software you develop permits a proxy to be
configured.
3) Document exactly what ports you use and what types of connections
you use.
4) Provide a mode that requires the client to only make outbound TCP
connections.
This will allow anyone who wants to use your application to properly
configure their firewalls and clients. Do not ever attempt to evade or
bypass firewalls by using provisions intended for one protocol to
smuggle through another. This will just result in reputable firms
blacklisting your application.
DS
- Next message: Martin Nyfeler: "Blocking outgoing ports behind IPCOP"
- Previous message: Bernie M: "Re: How can I make the server to call back to client without being blocked by firewall."
- In reply to: Bernie M: "Re: How can I make the server to call back to client without being blocked by firewall."
- Next in thread: jeff Lee: "Re: How can I make the server to call back to client without being blocked by firewall."
- Reply: jeff Lee: "Re: How can I make the server to call back to client without being blocked by firewall."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
