On 8/21/2013 12:50 AM, Martin Sustrik wrote:
...
You want admin to open one port in the firewall when the project is
started. Going through the corporate process at this point is bearable
and makes sense.
Afterwards, you want to be able to expose arbitrary services through
that port without having to go through port-opening process over and
over again.
One additional point - if you really mean "arbitrary", including
existing services, I hope you understand that a network operator that
shuts down ANY current services would conclude they must then block
yours too.
I.e., if I don't want FTP over the firewall (because it uses cleartext
passwords), I definitely don't want TCPMUX (which allows FTP), or any
other "accesses arbitrary services" port.
So that seems like a non-starter, unless by "arbitrary" you mean
"extensions within your system" - which is how all current ports already
work.
Joe