Re: Understanding NAT, Firewalls, TCP/IP
- From: Nigel Wade <nmw@xxxxxxxxxxxx>
- Date: Thu, 12 Jan 2006 11:59:50 +0000
Roedy Green wrote:
> On Wed, 11 Jan 2006 10:56:18 +0100, Thomas Weidenfeller
> <nobody@xxxxxxxxxxxxxxxx> wrote, quoted or indirectly quoted someone
> who said :
>
>>It is not clear from your
>>description who initiates the connection. If you have some client behind
>>a NAT which initiates a connection it shouldn't be a problem.
> My project is a tool for organising the internationalisation of Java
> code by teams. See http://mindprod.com/projects/internationaliser.html
> for my latest thinking on how this will work.
>
> The client would initiate connections and there is no client to client
> communication. Just traditional client to server.
Provided there is no server-to-client communication other than on the
client-initiated socket, there shouldn't be any problem due to NAT.
>
> Some of the clients will be relatively computer naive people working
> on home computers in remote parts of the globe as language
> translators. They may have a home router firewall, or some software
> firewall, which they will not understand. They will have just plugged
> it in and left it to defaults.
Most home NAT routers don't even have a firewall. Those which do are generally
shipped with the firewall disabled. It's only people who know about them (and
possibly how to set them up) who will use them. It's very unlikely they would
block outgoing connections on ports other than http/ftp.

Personal, software, firewalls are becoming much more common. When the user tries
to connect to your server using your client software they ought to get a
warning of some sort. You'd need to warn your users of this, so they would be
expecting it and not "panic" and block it.
>
> I was wondering if there are firewalls that might by default block
> outgoing tcp/ip connections to anything other than port 80 or FTP
> ports.
If the user is behind a "corporate" firewall there's a good chance that this
will be true. Given that, it's also true that the firewall will [probably] be
administered by someone competent who can be asked for assistance in enabling
connection to your server. It's also true that many network/security admins are
not reasonable people...

Many real firewalls now do deep packet inspection and look at the contents of
the packets, which makes it much more difficult for you to "hijack" the http or
ftp port for your own, custom, protocol.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@xxxxxxxxxxxx
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
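
Added example, not part of the original post: a Java client can classify a failed client-initiated connection so that a non-technical user (or the admin they ask for help) gets a useful diagnosis instead of a stack trace. The class name, result names and the loopback test listener are hypothetical and constructed for the demonstration.

```java
import java.io.IOException;
import java.net.ConnectException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.NoRouteToHostException;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;

public class OutboundProbe {
    enum Result { REACHABLE, REFUSED, FILTERED_OR_DOWN, NO_ROUTE, DNS_FAILURE, OTHER }

    /** Attempts one client-initiated TCP connection and classifies the outcome. */
    static Result probe(String host, int port, int timeoutMillis) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), timeoutMillis);
            return Result.REACHABLE;            // handshake completed; NAT is not in the way
        } catch (SocketTimeoutException e) {
            // No answer at all: typical of a firewall silently dropping the
            // outgoing packet, but also of a server that is simply down.
            return Result.FILTERED_OR_DOWN;
        } catch (UnknownHostException e) {
            return Result.DNS_FAILURE;          // name did not resolve
        } catch (NoRouteToHostException e) {
            return Result.NO_ROUTE;             // network or router reported unreachable
        } catch (ConnectException e) {
            // An active rejection came back: nothing is listening on the port,
            // or a firewall configured to reject rather than drop.
            return Result.REFUSED;
        } catch (IOException e) {
            return Result.OTHER;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed target: a listener on the loopback interface, ephemeral port.
        ServerSocket listener = new ServerSocket(0, 1, InetAddress.getLoopbackAddress());
        int port = listener.getLocalPort();
        System.out.println("listener up:   " + probe("127.0.0.1", port, 2000));
        listener.close();
        System.out.println("listener down: " + probe("127.0.0.1", port, 2000));
    }
}
```

Running the same probe against the real server's custom port and against port 80 on the same host separates "only that port is blocked outbound" from "the host is unreachable".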