[omniORB] Client connections with firewall.

bjorn rohde jensen bjensen@fastmail.fm
Mon Oct 21 18:33:00 2002


Hi Rao,

  There is no problem in fixing the port and interface
of your server. The POA etc. will in a way multiplex
invocations on hosted objects. IIOP is buildt on top
of TCP, which means, that the POA listens for incoming
TCP trafic on the specified port, the actual IIOP traffic
happens on a dedicated TCP socket pair. You dont need to
worry much about the port addresses of those connections,
they will usually by very high and far removed from any
ports usually filtered in firewalls. Alternatively you
need to perform full connection tracking in the firewall.
  The use of callbacks is a little tricky, i suppose. If
you want to have the best firewall protection, you would
need to use bidirectional IIOP, which omniORB4 supports
nicely:) You could also allow traffic to through the
firewall for some source/target port/address combinations.
There is noting special about a callback object in CORBA.
  I think, it would be the best idea to keep the firewall
as strict as possible and use bidirectional IIOP, it is
a little safer and not terribly complicated.

Yours sincerely,

Bjorn