nanog mailing list archives
Re: Customer-facing ACLs
From: Adrian Chadd <adrian () creative net au>
Date: Wed, 19 Mar 2008 13:46:20 +0900
On Tue, Mar 18, 2008, Jon Lewis wrote:
The solution, of course, is to hire consultants (SIBR if possible) to port everything to port 80 !That's been going on for years. Back when it was common for ISPs to run squid servers and transparently proxy to them (probably around 2000), I ran into a customer using some sort of aviation data in real time app which used port 80 (and wasn't HTTP). I had to special case traffic to that service's IP to get it not to hit squid. When I asked them why they were running a non-HTTP protocol on 80/tcp, the answer was "that gets us through most firewalls."
There's patches to Squid to make it silently transparently proxy stuff that doesn't look like HTTP. (I need to make it knob-able before I commit it, as some people -like- having the "must be HTTP" implication of transparent interception.) Adrian
Current thread:
- Re: Customer-facing ACLs, (continued)
- Re: Customer-facing ACLs Justin Shore (Mar 09)
- Re: Customer-facing ACLs Adrian Chadd (Mar 08)
- Re: Customer-facing ACLs Justin Shore (Mar 08)
- Re: Customer-facing ACLs Chris Marlatt (Mar 10)
- Re: Customer-facing ACLs Adrian Chadd (Mar 10)
- Re: Customer-facing ACLs Justin Shore (Mar 10)
- Re: Customer-facing ACLs Sean Donelan (Mar 10)
- Re: Customer-facing ACLs Andy Davidson (Mar 18)
- Re: Customer-facing ACLs Marshall Eubanks (Mar 18)
- Re: Customer-facing ACLs Jon Lewis (Mar 18)
- Re: Customer-facing ACLs Adrian Chadd (Mar 18)
- Re: Customer-facing ACLs Justin Shore (Mar 07)
- Re: Customer-facing ACLs Adrian Chadd (Mar 07)
- Re: Customer-facing ACLs Sean Donelan (Mar 10)
- RE: Customer-facing ACLs Frank Bulk - iNAME (Mar 10)
- Re: Customer-facing ACLs Sean Donelan (Mar 10)