On Thursday 06 September 2007 10:35, Chaim Keren-Tzion wrote: > I need to run an application that uses IRC as it's backend server. IRCD > usually runs on port 6667/tcp. Some firewalls are configured to block > outgoing traffic to all ports other than common ones like 80 etc. Would I > be able to make the app more accessible by running the IRCD on port 80 (or > using port forwarding from External_IP:80 to Internal_IP:6667 in my > firewall)? What would be the down side? Would certain firewalls block the > app just because it's sending non http traffic to port 80? Is this a > reasonable solution? Are there other better ones?
Not only would you have problems due to application level firewalls (layer 7 filtering etc), you'll also encounter a much more serious problem: Transparent HTTP Proxies. Those intercept all traffic with dport tcp/80 and try to serve it. They usually do not know to TCP-passthru connections that came with invalid HTTP requests - but instead - will simply return an error of "malformed HTTP request" (wording may vary). -- Shimi ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
