On Sun, Feb 04, 2001 at 01:20:36PM -0500, Brad Clements wrote:
> Apparently part of the coda protocol negotiates the use of dynamic ports,
> other than the ones listed in the coda documentation.

A recent client with the masquerade=1 option enabled in the venus.conf file will `connect' from some local udp port to udp port 2432 on the codaserver. It will use the same local port for the lifetime of the venus process. All communication will be limited to these ports.

Without the masquerade option, venus uses udp 2430 and 2431 to communicate with 2432 and 2433 on the server. The 2431/2433 ports are used for the data transfers, and the server->client communication is blocked by masquerading firewalls.

clog/cpasswd/au will communicate from an arbitrary local port to 370/udp where the auth2 daemon is listening.

As far as server-server, updateclnt-updatesrv, and volutil-server are concerned, servers are assumed to be co-located (i.e. in the same machine room), so they will have problems with firewalls. I don't think that `fixing' this is very important as it actually improves security (or at least obscurity) of these daemons behind a firewall.

> This causes real problems with firewalls and such.
>
> What's the best way to fix this? Can someone point me towards the
> offending sub-system or code? Maybe I can take a whack at the problem.

Eh, it doesn't really fall into any subsystem. It involves (at least) the following daemons and applications: updateclnt, updatesrv, volutil, codasrv, backup.

Jan

Received on 2001-02-04 16:12:00
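Added illustration, not code from this thread or from Coda: a toy model of a masquerading firewall's UDP connection tracking, run over the two venus port schemes described above, showing why the server->client data-transfer leg is dropped in the legacy scheme while the single-port masquerade=1 scheme passes. The host names, the ephemeral client port 40000 and the assumption that the data-transfer leg is a server-initiated packet from 2433 to the client's 2431 are constructed for the example.

```python
from collections import namedtuple

# 4-tuple of a UDP datagram (constructed model, no real sockets involved)
Packet = namedtuple("Packet", "src_host src_port dst_host dst_port")


class MasqueradingFirewall:
    """Minimal stateful NAT model: an outbound datagram records its 4-tuple
    in the conntrack table; an inbound datagram is forwarded only if it is
    the exact reverse of a recorded outbound flow."""

    def __init__(self, inside_hosts):
        self.inside = set(inside_hosts)
        self.conntrack = set()

    def forward(self, pkt):
        if pkt.src_host in self.inside:      # outbound: create/refresh flow
            self.conntrack.add(pkt)
            return True
        # inbound: must match an existing outbound flow in reverse
        reverse = Packet(pkt.dst_host, pkt.dst_port, pkt.src_host, pkt.src_port)
        return reverse in self.conntrack


def venus_session(masquerade):
    """Return [(packet, forwarded)] for a short client/server exchange.

    masquerade=False: venus uses 2430/2431, codasrv 2432/2433, and the data
    transfer is a server-initiated datagram 2433 -> 2431 (assumption).
    masquerade=True: venus uses one local port (40000, constructed) and only
    ever talks to server port 2432, so every reply reverses a known flow."""
    fw = MasqueradingFirewall({"client"})
    if masquerade:
        flows = [Packet("client", 40000, "server", 2432),   # RPC request
                 Packet("server", 2432, "client", 40000),   # reply, same ports
                 Packet("client", 40000, "server", 2432)]   # data, same ports
    else:
        flows = [Packet("client", 2430, "server", 2432),    # RPC request
                 Packet("server", 2432, "client", 2430),    # RPC reply (ok)
                 Packet("server", 2433, "client", 2431)]    # server-initiated data
    return [(p, fw.forward(p)) for p in flows]


if __name__ == "__main__":
    for mode in (False, True):
        print(f"masquerade={int(mode)}")
        for pkt, ok in venus_session(mode):
            print(f"  {pkt.src_port:>5} -> {pkt.dst_port:<5} "
                  f"{'forwarded' if ok else 'DROPPED'}")
```

The same model explains why clog/cpasswd/au are unaffected: they initiate from an arbitrary local port to 370/udp, so the auth2 reply always reverses a recorded flow.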