Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
On Mon, 12 Aug 2002 16:30:25 -0700, "John D. Gwinner" <jgwinner at dazsi.com> wrote: >Actually, I'm not sure that's true. I was thinking of installing CVS on a >software firewall, and in this case I would want the firewall acting on port >2401 on the external LAN card, and CVSNT acting on the internal NIC. > >It's obviously better to have 2 machines, but a standard technique is to run >your 'server' on the internal NIC, then create a mapping in the firewall >software from it's external IP / port to the internal address ("Server >publishing"). That way, the firewall can detect port scans and can log >connection attempts. If CVSNT starts before the packet filter, the packet >filter can't grab the port -and if you start the packet filter first, it's >possible CVSNT might get confused (I'm not sure, I'd have to try this). > In that case you're only binding to a single address so the BindAddress key will work. OTOH A firewall should not have server software running on it. CVSNT is not secure enough for that kind of thing (at least it's never been validated as secure, which virtually guarantees that some kind of hole exists somewhere). Tony