[ale] Firewall Administrative Question

John Mills "jmills at tga.com" at tga.com
Tue Jun 20 17:35:41 EDT 2000



Hello -

I would like to write a set of clients and servers, each pair of which
would communicate using a different packet sub-type, each presenting
to a firewall as HTTP/1.1. The actual data would consist of well-formed
HTTP Requests and HTTP Responses. The content-type would be "text/xml" or
"application/xml". I would like to use a set of port numbers other than
the usual 80 and 443, so that each service could be assigned a port
number and those clients would use that port for their default connection.

In summary, this box would behave like an HTTP/1.1 client except that it
would work to a non-standard set of ports.

Technically I think this amounts to "HTTP Tunnelling" as a [hopefully]
non-threatening way to pass several types of exchange through a proxy
firewall (or a number of them) without having to use another box ahead of
the client to decode each packet's type to determine which service was
appropriate.

The question is this: in the typical enterprise with a strong, content-
filtering proxy firewall, how much trouble will the MIS department have to
go to allow this?

How risky do you think this type of setup would appear to an 'average'
firewall administrator?

Any experience with available firewalls, or any policy information you
could share, would be great. Thanks for any comments.

Regards -

   John Mills
   Sr. Software Engineer
   TGA Technologies, Inc.
   100 Pinnacle Way, Suite 140
   Norcross, GA 30071-3633
   e-mail: jmills at tga.com
   Phone: 770-441-2100 ext.124 (voice)
          770-449-7740 (FAX)
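
The checks a content-filtering proxy administrator would want to be able to enforce on the traffic described in this message, as an added example (not code from the original post): the destination port must be one assigned to a known service, and the payload must be a well-formed HTTP/1.1 request carrying well-formed XML. The port numbers, service names, the `POST` method, the host name and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Hypothetical per-service port assignments (constructed; the post names no ports).
SERVICE_PORTS = {8101: "service-a", 8102: "service-b"}
XML_TYPES = {"text/xml", "application/xml"}  # the two types named in the post


def check_request(raw: bytes, dest_port: int):
    """Return (allowed, detail) for one raw HTTP request seen on dest_port."""
    if dest_port not in SERVICE_PORTS:
        return False, "port not assigned to a known service"
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False, "no header/body separator"
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] != "HTTP/1.1":
        return False, "request line is not HTTP/1.1"
    if parts[0] != "POST":  # assumption: the services only accept POST
        return False, "method not allowed"
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            return False, "malformed header line"
        headers[name.lower()] = value.strip()
    if "host" not in headers:
        return False, "HTTP/1.1 requires a Host header"
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in XML_TYPES:
        return False, "content-type is not XML"
    if headers.get("content-length") != str(len(body)):
        return False, "Content-Length does not match body"
    try:
        ET.fromstring(body)  # well-formedness only; no schema validation
    except ET.ParseError:
        return False, "body is not well-formed XML"
    return True, SERVICE_PORTS[dest_port]


def sample_request(body=b"<order><id>42</id></order>", ctype="text/xml"):
    """Constructed sample request for the hypothetical service on port 8101."""
    head = ("POST /orders HTTP/1.1\r\nHost: svc.example:8101\r\n"
            f"Content-Type: {ctype}\r\nContent-Length: {len(body)}\r\n")
    return head.encode("ascii") + b"\r\n" + body
```

A request that passes these checks is still only known to be syntactically valid HTTP and XML; what the XML instructs the service to do is outside what this filter can judge.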
