Customer-facing ACLs
Jon Lewis
jlewis at lewis.org
Wed Mar 19 03:47:41 UTC 2008
On Tue, 18 Mar 2008, Marshall Eubanks wrote:
>> If it becomes normal for home users to only have 80 and 443, then how can I
>> innovate and design something that needs a new protocol? What happens to
>> the new voice and video services for example?
>
> The DOD has already been faced with this (I know of some AFB that have
> instituted this policy).
>
> The solution, of course, is to hire consultants (SIBR if possible) to port
> everything to port 80!

That's been going on for years. Back when it was common for ISPs to run
squid servers and transparently proxy to them (probably around 2000), I
ran into a customer using some sort of aviation data in real time app
which used port 80 (and wasn't HTTP). I had to special case traffic to
that service's IP to get it not to hit squid. When I asked them why they
were running a non-HTTP protocol on 80/tcp, the answer was "that gets us
through most firewalls."
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the NANOG mailing list