On 9/6/07, Amos Shapira <[EMAIL PROTECTED]> wrote: > > On 06/09/07, Chaim Keren-Tzion <[EMAIL PROTECTED]> wrote: > > > > I need to run an application that uses IRC as it's backend server. IRCD > > usually runs on port 6667/tcp. Some firewalls are configured to block > > outgoing traffic to all ports other than common ones like 80 etc. Would I be > > able to make the app more accessible by running the IRCD on port 80 (or > > using port forwarding from External_IP:80 to Internal_IP:6667 in my > > firewall)? What would be the down side? Would certain firewalls block the > > app just because it's sending non http traffic to port 80? Is this a > > reasonable solution? Are there other better ones? > > > Here is a more direct answer than my previous one - OpenVPN can use SSL > over HTTP: http://rendo.info/?p=67, and just generally if you use SSL on > port 443 I don't think that a firewall can do anything about this but assume > that it's legitimate https traffic. > > --Amos >
Thanks, So, if I understand correctly, Apache's mod_proxy with ProxyPass or a RewriteRule with the [p] flag would do the trick? or should I use Squid? I would then have the app point to port 80 or 443 on a unique IP or Virtual Host name and do an internal proxy to 6667 (IRCD)? Would that resolve the points that Shimi made regarding Application Level Filtering and Transparent HTTP Proxies? or would I need to have some kind of a proxy built into the app, creating real HTTP packets, to avoid those problems? Chaim
