On Fri, Apr 27, 2001 at 11:35:04PM +0200, Arne Scheffler wrote: > I got a problem here. > I got an old mac which is the router to the internet. > On my other mac, I have to use cvs to get source. > I only can make a rsh connection to the cvs-server. > The problem is that rserver only permits connections > on ports between 500 & 1000, but the masquerading changes
probably just 0 < port < 1024, but it may have extra limits set up or something... The idea is that the remote user needs root access to bind to ports less than 1024, so the remote user is either root on the machine (in which case the server admin has to trust them) or the setuid-root rsh client binary is the real one, and not an evil one that lets them say they are a different user on the client machine. As you can see, the security mechanism used by rsh trusts a lot of stuff that it would be nice not to, which is why everyone uses ssh now. > the port to something higer than 6000. > Is there an option to change the masquerading stuff ? Not that I know of. You could set up a non-transparent port forwarding thing, so you connect to a certain port on the inside of your firewall, and it connects to the right port on the cvs server _from_ a priviledged port. You could do something like this with netcat, probably. (you might have to use named pipes to get bidirectional forwarding). The best solution would be to install ssh on the cvs server, so you don't have to come from a priviledged port. IP-based authentication is pretty weak. (but definitely better than nothing!). BTW, this really doesn't belong on debian-powerpc. It's not ppc specific at all. It doesn't obviously fall into some other category, so we'll let you live this time ;=) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE
