[Cvsnt] Binding CVSNT to multiple (but not all) IP addresses in a machine

Tony Hoyle tmh at nothing-on.tv
Tue Aug 13 13:45:37 BST 2002


On Mon, 12 Aug 2002 16:30:25 -0700, "John D. Gwinner"
<jgwinner at dazsi.com> wrote:

>Actually, I'm not sure that's true.  I was thinking of installing CVS on a
>software firewall, and in this case I would want the firewall acting on port
>2401 on the external LAN card, and CVSNT acting on the internal NIC.
>
>It's obviously better to have 2 machines, but a standard technique is to run
>your 'server' on the internal NIC, then create a mapping in the firewall
>software from its external IP / port to the internal address ("Server
>publishing").  That way, the firewall can detect port scans and can log
>connection attempts.  If CVSNT starts before the packet filter, the packet
>filter can't grab the port - and if you start the packet filter first, it's
>possible CVSNT might get confused (I'm not sure, I'd have to try this).
>
In that case you're only binding to a single address so the
BindAddress key will work.  OTOH a firewall should not have server
software running on it.  CVSNT is not secure enough for that kind of
thing (at least it's never been validated as secure, which virtually
guarantees that some kind of hole exists somewhere).

Tony
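
An added example, not part of the original message and not CVSNT code: a check of what binding a server to one address, rather than to all of them, changes on a multi-homed host. It assumes Linux socket semantics, and the loopback addresses 127.0.0.1 and 127.0.0.2 are stand-ins for the internal and external NIC addresses; all names in it are hypothetical.

```python
import socket

INTERNAL = "127.0.0.1"  # assumption: stands in for the internal NIC address
EXTERNAL = "127.0.0.2"  # assumption: stands in for the external NIC address
WILDCARD = "0.0.0.0"    # every address on the host (no bind address configured)


def listen_on(addr, port=0):
    """Return a listening TCP socket on addr:port, or None if the bind is refused."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))
        s.listen(5)
        return s
    except OSError:
        s.close()
        return None


def reachable(addr, port, timeout=1.0):
    """True if a TCP connection to addr:port is accepted."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def exposure(bind_addr):
    """Bind a stand-in server to bind_addr and report what the rest of the host sees."""
    server = listen_on(bind_addr)  # port 0: the OS picks a free port
    port = server.getsockname()[1]
    # A second service (such as a packet filter) asking for the same port
    # on the external address only.
    second = listen_on(EXTERNAL, port)
    result = {
        "internal_reachable": reachable(INTERNAL, port),
        "external_port_free": second is not None,
    }
    if second is not None:
        second.close()
    # With the second service gone, does the server itself answer externally?
    result["external_reachable"] = reachable(EXTERNAL, port)
    server.close()
    return result


if __name__ == "__main__":
    for addr in (INTERNAL, WILDCARD):
        print(addr, exposure(addr))
```

Bound to the single internal address, the stand-in server leaves the same port free on the external address and does not answer there; bound to the wildcard, it holds the port on every address.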



