savannah-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-help-public] Access to Savannah thru http?

From: Nagarjuna G.
Subject: Re: [Savannah-help-public] Access to Savannah thru http?
Date: Sat, 26 Feb 2005 21:31:16 +0530
User-agent: KMail/1.7.2 
On Wednesday 16 Feb 2005 1:28 am, Sylvain Beucler wrote:
> Hello address@hidden (I don't know your name),

Sorry for the delay in replying.
My name is Nagarjuna.
 
> Richard Stallman told the GNU Savannah hackers that some 
universities
> have troubles to connect to our CVS service, because they use
> restrictive outgoing traffic firewall filtering rules.
> 
> We are considering adding an SSH daemon that would listen on a port
> allowed by such firewall.
> 
> However, depending on this outgoing traffic filtering, this may or 
may
> not work.
> 
> We would like to get more information about this issue, and RMS told
> us you could help. Can you explain the issue in detail to us? Would
> providing CVS over SSH access using a port different than 22 help?
>

No, it wont, because only protocol open in some places is http, and
further through a proxy only.

The situation that we discovered in India during his recent visit was
due to paranoid firewalls beings installed in the several campuses he
visited.  In these campuses, they are sending all out going packets
through a proxy server and mostly only http.  This makes people within
the campus unable to access any server outside through other
protocols, say using ssh.  Only dialout connections provide full
access in these places.

In these places, Internet access is equivalent to browser access.
surprisingly pop, fetchmail were also blocked.

some thoughts: One possibility that occurs to me in this kind of a
situation is to provide access to all our services through a web
page, from where cvs checkin/out and upload/download are possible.
There is one perl based openwebmail product that gives what is called
`Web Disk'.  If we allow this kind of disk then gnu hackers can access
their home after authentication through ssl.  We used this feature in
our institute, so that we could close ftp port completely.

If you need any further information, I will try to provide.

RMS: In the note that you send to all the hosts while you are
travelling, please mention that your mail transfer requires ssh
access.  Most people donot understand what it takes to do mail
transfer.  They dont use this term `mail transfer'.  They assume that
since a browser access is possible, they gladly tell you that Internet
is available.  As mentioned earlier for them Internet means Browser.
Since they read mails through a browser they assume you also check
using a browser.  Most workable solution is dialing out an ISP, since
most ISP's dont block any ports it will be easy.

--
Nagarjuna
reply via email to
[Prev in Thread] Current Thread [Next in Thread]