On Tue, Nov 14, 2006 at 05:12:58PM +0800, David Woodhouse wrote: > On Tue, 2006-11-14 at 00:56 +0000, Dave Mitchell wrote: > > > Of course it does. It can't work with dynamic NATs as it uses IP > > > (and reserved TCP port) for access check but rsh is just a simple > > > TCP connection to a well-known port. > > > > The rsh protocol requires the server to make a second TCP connection back > > to a low-numbered ephemeral port specified by the client, for the stderr > > channel. If you haven't got a stateful, inspecting firewall, you're hosed. > > Why do you say such a thing? I don't have a stateful, inspecting > firewall -- but rsh seems to work fine. > > In fact, I don't have a firewall at all -- firewalls just break things. > In general, firewalls are a band-aid to patch over broken software; a > poor substitute for proper security. The original point being made was that rsh won't work with a simple firewall. You either have to turn the firewall off, or install a complex firewall (that may then have its own security problems). -- In my day, we used to edit the inodes by hand. With magnets. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list