server application opening ports per connection

Hi,

For a firewall configuration, I wonder if I can restrict the port range that is used by an Ice object adapter to serve clients. In the documentation I just found:
"Ice opens one port per object adapter endpoint. The port is assigned according to your endpoint configuration. The Ice run time also opens a port for each outgoing connection; the port number for outgoing connections is chosen by the operating system."

This means that I can actually configure a server to listen on port XY for incoming connections, but for the outgoing connections (e.g. for session management as in the "chat" sample code) it is not possible to restrict the range somehow?

Regards...

Comments

  • benoit (Rennes, France)
    Hi,

    An object adapter listens on the ports specified in each of the endpoints defined with the object adapter Endpoints property. You can control which ports are used by setting the -p <port> option in each of the endpoints. So it's easy to set up the server-side firewall to accept connections for these ports only.

    It's not clear to me why you'd want to restrict the range of ports used by the client to establish the outgoing connections, it's quite unusual. Can you detail a little more your use case?

    Cheers,
    Benoit.
  • benoit wrote: »

    It's not clear to me why you'd want to restrict the range of ports used by the client to establish the outgoing connections, it's quite unusual. Can you detail a little more your use case?

    Actually that was a question from our system administrators to make sure that our firewalls are as secure as possible. Since they are very concerned about attacks, they want to make sure that there are not any ports open for longer than an absolute must, to make it as hard as possible for intruders...

    Cheers...
  • benoit (Rennes, France)
    An Ice server is no different from a web server in this respect. Instead of listening on port 80, the server can listen on a specific port configured through the object adapter endpoints.

    Cheers,
    Benoit.
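
An added illustration of the distinction discussed in this thread, not code from the posters or from Ice: it uses plain Python TCP sockets on loopback instead of the Ice run time, and the function name `demo` and its return values are hypothetical. It shows that the OS-chosen source port of an outgoing connection does not accept incoming connections; only the configured listening port does, so that is the only port a server-side firewall has to admit.

```python
import socket


def demo(listen_port=0):
    """Open one loopback connection and probe the client's source port.

    Returns (listening_port, client_source_port, peer_port_seen_by_server,
    probe_result), where probe_result is "refused" or "accepted".
    """
    # Server side: a single listening socket on a configured port, the role
    # played by "-p <port>" in an endpoint. Port 0 lets the OS pick a free
    # port so the demo runs anywhere; a deployment would fix this number.
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", listen_port))
    server.listen(1)
    fixed_port = server.getsockname()[1]

    # Client side: an outgoing connection. The OS chooses the source port.
    client = socket.create_connection(("127.0.0.1", fixed_port))
    source_port = client.getsockname()[1]
    accepted, peer = server.accept()

    # Probe: try to connect *to* the client's source port from a third socket.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.settimeout(2)
    probe.bind(("127.0.0.1", 0))  # own local port, rules out a TCP self-connect
    try:
        probe.connect(("127.0.0.1", source_port))
        result = "accepted"
    except ConnectionRefusedError:
        # Nothing listens on the source port: it only identifies one
        # established connection and cannot be used to reach the process.
        result = "refused"
    finally:
        for s in (probe, accepted, client, server):
            s.close()
    return fixed_port, source_port, peer[1], result


if __name__ == "__main__":
    fixed, src, seen, outcome = demo()
    print(f"listening port {fixed}, outgoing source port {src}, "
          f"server saw peer port {seen}, probe of source port: {outcome}")
```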