[JDEV] Firewall jumping

Michael D. Johnson mike_johnson at credence.com
Fri Jan 21 12:17:04 CST 2000


Do both inside and outside set up the MX records?

Thomas Charron wrote:
> 
> Quoting "Michael D. Johnson" <mike_johnson at credence.com>:
> > Sean is right. The firewall server here regardless of the request for
> > HTTP 1.1 or higher ALWAYS returns an HTTP 1.0 session. I think this is
> > why Thomas suggested the caching at the transport layer which also keeps
> > all the messages under the jserver and not the HTTP server.
> 
>   Yeppers..  Support, one, everyone's happy.  Support the other later, when it
> can improve performance..
> 
> > Secondly, after consideration, I think we will be restricted by
> > practicality to the etherxd <==> HTTP firewall <==> etherxd  type of
> > connection.  Not because the client <==> jserver HTTP on firewall <==>
> > etherxd doesn't work, but because politically most users and some
> > developers have NO permissions to start up processes on the firewall. As
> > long as we as individuals have the right to start up jserver on the
> > firewall then we have fewer problems, but as my own situation is to have
> > NO permission on the firewall, I tend to think most others will be in
> > the same boat.
> 
>   Ahh, but here's the fun part..  ;-P
> 
>   If you have a 'designated' etherx installed outside the firewall/proxy, that
> KNOWS about the etherx inside, you can set up an MX record via DNS to point at
> that 'designated' server.  It can then store your etherx streams *for* you,
> until your inside the firewall etherx connects to 'pull' the stream data
> that has been pooled..  It then forwards all outgoing streams to the designated
> etherx, which routes them away.  It's called ROUTING, BABEE!!  ;-P
> 
>           Firewall            Etherx sending data for the outside Etherx
>              |               /
>   Inside     |    Outside   /
>   Etherx ----|----Etherx---<
>              |              \
>              |               \
>              |                Etherx sending to inside etherx, looking up via
>                               MX record, pointing to a different etherx that
>                               serves as a 'router'.
> 
>   The etherx outside knows it has to spool for the inside etherx when it
> receives streams for it, and does so.  Periodically, the inside etherx goes out
> via HTTP and talks to the outside etherx, and exchanges stream data.
> 
>   This 'spooling' method could also be used for NON HTTP connections as well,
> such as etherx's running inside a company, who would dial up on occasion, and
> exchange streams with an external server.  Once again, it's routing..  ;-P
> 
> ---
> Thomas Charron
> << Wanted: One decent sig >>
> << Preferably little used >>
> << and stored in garage.  ?>>
> 