[JDEV] Firewall jumping
Thomas Charron
tcharron at ductape.net
Fri Jan 21 11:59:06 CST 2000
Quoting "Michael D. Johnson" <mike_johnson at credence.com>:
> Sean is right. The firewall server here, regardless of the request for
> HTTP 1.1 or higher, ALWAYS returns an HTTP 1.0 session. I think this is
> why Thomas suggested the caching at the transport layer, which also keeps
> all the messages under the jserver and not the HTTP server.
Yeppers.. Support one, everyone's happy. Support the other later, when it
can improve performance..
> Secondly, after consideration, I think we will be restricted by
> practicality to the etherxd <==> HTTP firewall <==> etherxd type of
> connection. Not because the client <==> jserver HTTP on firewall <==>
> etherxd doesn't work, but because politically most users and some
> developers have NO permissions to start up processes on the firewall. As
> long as we as individuals have the right to start up jserver on the
> firewall then we have fewer problems, but as my own situation is to have
> NO permission on the firewall, I tend to think most others will be in
> the same boat.
Ahh, but here's the fun part.. ;-P
If you have a 'designated' etherx installed outside the firewall/proxy, that
KNOWS about the etherx inside, you can set up an MX record via DNS to point at
that 'designated' server. It can then store your etherx streams *for* you,
until your inside-the-firewall etherx connects to 'pull' the stream data
that has been pooled.. It then forwards all outgoing streams to the designated
etherx, which routes them away. It's called ROUTING, BABEE!! ;-P
          Firewall              Etherx sending data for the outside Etherx
              |               /
   Inside     | Outside      /
   Etherx ----|----Etherx---<
              |              \
              |               \
              |                 Etherx sending to inside etherx, looking up via
                                MX record, pointing to a different etherx that
                                serves as a 'router'.
The etherx outside knows it has to spool for the inside etherx when it
receives streams for it, and does so. Periodically, the inside etherx goes out
via HTTP and talks to the outside etherx, and exchanges stream data.
This 'spooling' method could also be used for NON HTTP connections as well,
such as etherx's running inside a company, who would dial up on occasion, and
exchange streams with an external server. Once again, it's routing.. ;-P
---
Thomas Charron
<< Wanted: One decent sig >>
<< Preferably little used >>
<< and stored in garage. ?>>
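
The spool-and-poll routing described in the message above, as an added example that is not part of the original post and is not etherx or jserver code: an in-memory Python model in which senders resolve an MX-style record to the designated outside server, which spools streams until the inside node polls and hands over its outgoing streams in the same exchange. The class names, hostnames and table contents are assumptions made for illustration, and the model leaves out the HTTP transport and any authentication of the polling node.

```python
# Added illustration (not from the original post): an in-memory model of the
# spool-and-poll routing. All class names and hostnames are constructed.
from collections import defaultdict, deque

# Constructed MX-style table: destination domain -> host accepting its streams.
MX_TABLE = {"inside.example": "relay.example", "peer.example": "peer.example"}

class Node:
    """An outside server that delivers streams addressed to its own domain."""
    def __init__(self, host, network):
        self.host, self.network, self.delivered = host, network, []
        network[host] = self          # reachable by other outside servers

    def accept(self, dest, stream):
        self.delivered.append((dest, stream))

    def send(self, dest, stream):
        # Look up the MX-style record and hand the stream to that host.
        self.network[MX_TABLE[dest]].accept(dest, stream)

class Relay(Node):
    """The 'designated' outside server: spools for the domains it fronts."""
    def __init__(self, host, network, spools_for):
        super().__init__(host, network)
        self.spools_for, self.spool = set(spools_for), defaultdict(deque)

    def accept(self, dest, stream):
        if dest in self.spools_for:
            self.spool[dest].append(stream)   # hold until the inside node polls
        else:
            super().accept(dest, stream)

    def exchange(self, inside_domain, outgoing):
        """One poll: route the caller's outgoing streams, return its spool."""
        for dest, stream in outgoing:
            self.send(dest, stream)
        pooled = list(self.spool[inside_domain])
        self.spool[inside_domain].clear()
        return pooled

class InsideNode:
    """Behind the firewall: not in the network table, it only polls outward."""
    def __init__(self, domain, relay):
        self.domain, self.relay, self.outbox, self.inbox = domain, relay, [], []

    def poll(self):
        pooled, self.outbox = self.relay.exchange(self.domain, self.outbox), []
        self.inbox.extend(pooled)
        return pooled
```

Nothing ever connects inward to `InsideNode`: inbound streams sit in the relay's spool until `poll()` is called, so delivery latency is bounded by the polling interval.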