On Sat, 2006-01-14 at 20:22, Ryan Novosielski wrote:
> How does one handle the following situation?
> One cannot ping across the firewall in my organization. DMZ machines can
> ping other DMZ machines and non-DMZ machines can ping other non-DMZ
> machines. My future BB machine will be multi-homed. However, there is
> probably a way to handle this with two different machines. However, what
> is it? bb-hosts is supposed to be the same on both hosts, and I only
> want there to be one display.
> How is it done?
The usual solution is (as your subject line suggests) to install
the server software on a DMZ machine and run it as a BBNET only.
The "rule" that bb-hosts should be the same everywhere is really
an administration guideline and should continue "unless you have
a good reason not to". This is one of those good reasons.
On your internal BB server, bb-hosts will have the "noconn"
directive (and probably only that directive) for each of your
DMZ hosts. For the DMZ BB server, you should have an entry for
each DMZ host that you want to test and one for the (internal)
BBDISPLAY. That line should also have the "noconn" directive.
In order for this method to work, the firewall will need to
be configured to allow incoming connections between the
two hosts on port 1984. Ultra-paranoid security people (and
they're really the only ones worth having) may refuse to
even consider that. If so, you might have to test from the
internal network instead and use a TCP equivalent to ping.
In that case, this might be helpful:
http://www.deadcat.net/viewfile.php?fileid=699
Cheers, Phil.
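An added example, not part of the thread and not the script behind the deadcat link or anything shipped with Big Brother: a small Python script that reads bb-hosts-style lines, skips hosts carrying the "noconn" tag, and runs a TCP-connect "ping" against each remaining host on a port the firewall does let through. The bb-hosts fragment, host names and addresses are constructed for illustration, and the mapping from service tag (smtp, http://...) to TCP port is my assumption, not anything bb-hosts defines.

```python
"""TCP-connect "ping" driven by bb-hosts-style entries (added example)."""
import socket
from dataclasses import dataclass, field

BB_PORT = 1984  # BB server-to-server port, as discussed in the thread

# Assumption: the TCP port to probe is derived from the host's bb-hosts
# service tag. This mapping is mine; bb-hosts itself defines no such table.
TAG_PORTS = {"smtp": 25, "ssh": 22, "ftp": 21, "pop3": 110, "telnet": 23}

# Constructed bb-hosts fragment as the DMZ BB server might carry it:
# one line per DMZ host to test, plus the internal BBDISPLAY tagged noconn.
# All names and addresses are made up (TEST-NET ranges).
SAMPLE_BB_HOSTS = """\
# DMZ BB server (BBNET only) - constructed example
192.0.2.10    www.example.net        # http://www.example.net/
192.0.2.11    mail.example.net       # smtp
203.0.113.5   bbdisplay.example.org  # BBDISPLAY noconn
"""


@dataclass
class BBHost:
    ip: str
    name: str
    tags: list = field(default_factory=list)

    @property
    def noconn(self):
        # "noconn" is the bb-hosts tag that turns the ping (conn) test off
        return "noconn" in self.tags


def parse_bb_hosts(text):
    """Parse 'IP hostname # tag tag ...' lines; blank and comment lines skipped."""
    hosts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        entry, _, comment = line.partition("#")
        parts = entry.split()
        if len(parts) < 2:
            continue
        hosts.append(BBHost(parts[0], parts[1], comment.split()))
    return hosts


def probe_port(host, default=BB_PORT):
    """Pick the TCP port to probe from the host's tags (assumed mapping)."""
    for tag in host.tags:
        if tag.startswith("https://"):
            return 443
        if tag.startswith("http://"):
            return 80
        if tag in TAG_PORTS:
            return TAG_PORTS[tag]
    return default


def tcp_ping(ip, port, timeout=2.0):
    """TCP equivalent of ping: True if a connect() to ip:port completes."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def check_hosts(hosts, probe=tcp_ping):
    """Return {hostname: 'up' | 'down' | 'noconn'} for the parsed entries."""
    results = {}
    for h in hosts:
        if h.noconn:
            results[h.name] = "noconn"
        else:
            results[h.name] = "up" if probe(h.ip, probe_port(h)) else "down"
    return results


def loopback_selftest():
    """Show the probe working locally: a listening loopback port reads as up,
    the same port after the listener closes reads as down."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    try:
        while_open = tcp_ping("127.0.0.1", port)
    finally:
        srv.close()
    after_close = tcp_ping("127.0.0.1", port)
    return while_open, after_close


if __name__ == "__main__":
    print("loopback self-test (up, down):", loopback_selftest())
    for name, state in check_hosts(parse_bb_hosts(SAMPLE_BB_HOSTS)).items():
        print(f"{name:25s} {state}")
```

Run it as-is and the sample hosts will show as "down" after the connect timeout, since the TEST-NET addresses are not routable; point the entries at real DMZ hosts and a port the firewall permits to use it in place of the ICMP conn test.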