when a firewall can't act as a proxy server for a service
Peter Murray
PMurray at law.uconn.edu
Wed Aug 21 21:25:16 EDT 2002
--On Wednesday, August 21, 2002 4:09 AM -0700 Info Galway Library
<info at galwaylibrary.ie> wrote:
> There is a rule set up in the firewall to allow z39.50 communication
> through.
>
> Lately, we had the idea of specifying the firewall as the default
> gateway since we can't specify it as the proxy server. We tried this
> unsuccessfully with http (the browser is connecting without a proxy
> server and the default gateway is the firewall).
I think this approach should work. The only potential problem that
comes to mind is maybe the firewall rule is set up wrong. The rule
probably has (at least) four pieces, and they should be something like:
    Source IP address: (your network)
    Source Port: (any port greater than 2047)
    Destination IP address: (the specific server, or a wildcard entry
        to access any server)
    Destination Port: 210 (that is Z39.50, isn't it? *)
To do it with HTTP, replace '210' above with '80'. This will work with
most web servers, but there are some web servers which do not run on the
default port 80, so a proxy server is probably still best for http.
Peter
(* Yeah, it is:
<http://www.iss.net/security_center/advice/Exploits/Ports/210/default.htm>)
--
Peter Murray, Computer Services Librarian W: 860-570-5233
University of Connecticut Law School Hartford, Connecticut
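
Added example, not part of the original message: a small Python model of the four-piece rule described above, evaluated against a few connections to show which ones match and which fall through, including the HTTP-on-a-non-default-port case the message mentions. The addresses, the sample connections, the names `Rule` and `first_match`, and the default-deny behaviour when no rule matches are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src_net: str       # source IP address: "your network"
    min_src_port: int  # source port: lowest client port accepted
    dst_net: str       # destination IP: one server, or 0.0.0.0/0 as wildcard
    dst_port: int      # destination port: 210 for Z39.50, 80 for HTTP

    def allows(self, src_ip, src_port, dst_ip, dst_port):
        # All four pieces must match for the rule to apply.
        return (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src_net)
            and self.min_src_port <= src_port <= 65535
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst_net)
            and dst_port == self.dst_port
        )


def first_match(rules, conn):
    """Index of the first rule allowing conn, or None (assumed default deny)."""
    for index, rule in enumerate(rules):
        if rule.allows(*conn):
            return index
    return None


# Constructed values: LAN 192.168.1.0/24, Z39.50 server 203.0.113.10.
RULES = [
    Rule("192.168.1.0/24", 2048, "203.0.113.10/32", 210),  # Z39.50, one server
    Rule("192.168.1.0/24", 2048, "0.0.0.0/0", 80),         # HTTP, any server
]

# Constructed connections: (src_ip, src_port, dst_ip, dst_port).
SAMPLES = {
    "z39.50 to the server": ("192.168.1.20", 40000, "203.0.113.10", 210),
    "http on port 80": ("192.168.1.20", 40001, "198.51.100.7", 80),
    "http on port 8080": ("192.168.1.20", 40002, "198.51.100.7", 8080),
    "source port 1500": ("192.168.1.20", 1500, "203.0.113.10", 210),
    "host outside the network": ("10.9.9.9", 40003, "203.0.113.10", 210),
}

if __name__ == "__main__":
    for name, conn in SAMPLES.items():
        hit = first_match(RULES, conn)
        print(f"{name:26} -> {'allowed by rule %d' % hit if hit is not None else 'blocked'}")
```

The last three samples are blocked: each one fails exactly one piece of the rule (destination port, source port, source address), which is the first thing to check when a rule like this appears not to work.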