[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OK, Now I see what the firewall issues are with Cfengine in our envi
Re: OK, Now I see what the firewall issues are with Cfengine in our environment
Fri, 25 Jun 2004 11:10:15 +1000
This one time, at band camp, address@hidden wrote:
>I don't know if it is possible to fix the sender port in a tcp
FWIW, it is possibly to use a specific source port (BIND does so when
given the query-source parameter) though I agree that it is unnecessary:
the majority of client applications that I know of always leave it to
the operating system to choose an unprivileged source port.
If you do specify the source port in the client, then I see two options:
a) specify an unprivileged port and have extra code to cope when another
application is currently using that (wait for it to become available?
abort and print a message? try another port (thus defeating the purpose
of using a specific port in the first place)? what if the application
that has this port open is a long running process?
b) use a privileged port, say 5308 as it's already cfengine's number,
and don't run cfservd on the same interface as cfagent.