RE: [FW1] Do you allow http to ports other than 80?



That's a pretty strange situation you've got on your hands.  At some point I
think that you need to draw the line or perhaps look into getting some type
of justification for this.  I've run networks with upwards of 3000 users and
*never once* have I had a request to access a website (through a firewall)
on any port other than 80 or 8080.  My opinion: sneaky users or suspect web
sites.

Keith

-----Original Message-----
From: Greg Winkler [mailto:[email protected]]
Sent: Monday, July 16, 2001 3:34 PM
To: [email protected]
Subject: [FW1] Do you allow http to ports other than 80?




Recently I've been bombarded by requests from my users to gain access to
websites outside the company that run on ports other than 80. Off the top
of my head I recall sites running on 9022, 8095, 81, 89, 8081, 8080, and
I'm sure I've forgotten a few. Up until today I could never get them to
work. I've just learned that, YES, it is possible to allow this on a
firewall by creating a new service with a protocol type set to URI and by
adding a line to fwauthd.conf of the format

port#         in.ahttpd       wait    0

It was the update to fwauthd.conf that had me stymied.

My only objection now is that each of these new ports requires another http
security server process to monitor it. I'd just as soon not have a million
security servers running on my firewall to support a very small community
of users who need access to these oddball websites.

Just what is it with these website admins? Why must they run their sites on
odd port numbers? What's scary is that some of the sites are running on
ports that have been assigned to other services. What the heck is one to do
when the web-site conflicts with the legitimate use of that port?

I feel like making a stand...."Just say NO to websites that don't run on
port 80". But it appears I will just get stampeded. Do you allow access to
these sites where you work?

----------------------------------------------------------------------------------------

Greg Winkler
Systems Manager, IT&S
Huntsman Corporation
Internet Mail: [email protected]
Voice:
Fax:
================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
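
Added example, not part of the original messages or of any Check Point tooling: a small audit of an fwauthd.conf-style file that counts the HTTP security server listeners discussed in the thread and flags those sitting on ports assigned to another service. It assumes the four-column line format quoted in the post; the function names and both sample inputs are constructed for illustration.

```python
"""Audit HTTP security server listeners in an fwauthd.conf-style file."""

# Constructed sample in the four-column format quoted in the post
# (port, daemon, "wait", 0). Not taken from a real firewall.
SAMPLE_FWAUTHD = """\
21      in.aftpd        wait    0
80      in.ahttpd       wait    0
81      in.ahttpd       wait    0
89      in.ahttpd       wait    0
8080    in.ahttpd       wait    0
9022    in.ahttpd       wait    0
"""

# Constructed excerpt in /etc/services format, used as the "assigned ports" list.
SAMPLE_SERVICES = """\
http        80/tcp
su-mit-tg   89/tcp      # SU/MIT Telnet Gateway
http-alt    8080/tcp
"""


def http_listener_ports(conf_text, daemon="in.ahttpd"):
    """Return the sorted ports on which `daemon` is configured to listen."""
    ports = set()
    for line in conf_text.splitlines():
        fields = line.split()
        # Skip blank lines and anything whose first field is not a port number.
        if len(fields) >= 2 and fields[0].isdigit() and fields[1] == daemon:
            ports.add(int(fields[0]))
    return sorted(ports)


def assigned_tcp_ports(services_text):
    """Map TCP port -> service name from /etc/services-style text."""
    assigned = {}
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[1].endswith("/tcp"):
            assigned[int(fields[1].split("/")[0])] = fields[0]
    return assigned


def audit(conf_text, services_text, standard_port=80):
    """Report extra HTTP listeners and those on ports assigned to non-HTTP services."""
    ports = http_listener_ports(conf_text)
    assigned = assigned_tcp_ports(services_text)
    extra = [p for p in ports if p != standard_port]
    conflicts = {p: assigned[p] for p in extra
                 if p in assigned and not assigned[p].startswith("http")}
    return {"listeners": len(ports), "extra_ports": extra, "conflicts": conflicts}


if __name__ == "__main__":
    print(audit(SAMPLE_FWAUTHD, SAMPLE_SERVICES))
```

Each entry in extra_ports corresponds to one more HTTP security server listener of the kind the original poster objects to, and each entry in conflicts is a port where web traffic would share a number with a different assigned service.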


   All contents © 2004 Network Presence, LLC. All rights reserved.