W3C home > Mailing lists > Public > ietf-discuss@w3.org > August 2001

Re: Use ofHTTP to pass firewalls

From: Patrik Fältström <paf@cisco.com>
Date: Wed, 22 Aug 2001 10:04:23 +0200
To: Keith Moore <moore@cs.utk.edu>, Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
cc: jpalme@dsv.su.se, discuss@apps.ietf.org
Message-ID: <542826.998474663@localhost>
--On 01-08-14 12.40 -0400 Keith Moore <moore@cs.utk.edu> wrote:

> If we used SRV records to pick ports then the firewalls would just
> intercept DNS queries to know which ports to intercept, and this
> would just create a bigger mess.  Especially given that NATs do 
> something like this already.

Let me ask you if you think a variant of this is ok:

(1) Let's say we have a DNS server which when it gets a DNS query
_requests_ an ip address and port number combination, just like you can
request an IP address from a DHCP server. After getting the data back, that
ip-address/port number is given back in DNS.

(2) Let's say the application on the inside of the firewall is requesting
an IP-address / port number from a firewall, and when the data is returned,
dynamic update in DNS is used to update the SRV which is given back to the
requesting client.

Is (1) and/or (2) ok?

I.e. I feel the real question is how one in a legitimate way can request a
(virtual) portnumber and ip address can be requested from for example a
firewall, NAT box or whatever.

  paf
Received on Wednesday, 22 August 2001 04:38:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 9 December 2014 23:04:05 UTC