Firewall Wizards mailing list archives

Re: About Port Forwarding, Apache and Firewall Rules


From: Barney Wolff <barney () databus com>
Date: Mon, 30 Aug 2004 11:58:16 -0400

On Mon, Aug 30, 2004 at 07:52:50AM -0400, Jim Seymour wrote:

> I've seen it argued, by residential broadband customers, that "my ISP
> doesn't really care."  Maybe sometimes they don't.  But I suspect any
> ISP that's gone to the trouble to block inbound port 80 really means
> it.  And I really think firewall-wizards ought not be actively helping
> somebody violate their ISP's TOS.  What's next: "Can you help me set up
> a secure 'bot net?"

How did we get from {ISP blocks inbound connects to port 80} to
{customer is not allowed to run any servers}?  I don't see that as
a logical conclusion.  If the ISP wanted to block all servers it could
perfectly well block inbound connects to all ports and make its customers
use passive ftp, which they should be doing anyway.  If the actual TOS
says no servers, that's another story, but if the OP said that I missed it.
The ISP may be blocking 80 to protect customers from running inadvertent
servers - we know that IIS is sometimes activated by things that one
would not expect, and in those cases is unlikely to be patched.

In any case, Apache can be configured to listen on any port, so there is
no particular reason to have to translate the port number when going
through the NAT.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.