Subject Re: Whitepaper on firewall-configuration?
Author mikcaau
--- In firebird-support@yahoogroups.com, John vd Waeter <john@j...> wrote:
> > John,
> > It's not overly difficult.
>
> Yeah, right... :-)
True - Have done so with Win Firewalls and IpTables.


> Yes... port mappings from WAN to a single server on the LAN is no
> problem, but you cannot map a WAN-port to a single client on the LAN if
> there is more than 1 client on that LAN that needs
> event-notification.... how would the firewall know to which client the
> event-notification should be sent to? Am I right?
There are also IP addresses.

>
> I think that is the main reason that FB/IB originally chooses a random
> port, so that every connected client has its own event-notification-port
> and that a firewall between the WAN and the clients' LAN knows to which
> client an event-notification should be forwarded....
Again there are IP addresses and port numbers.
There are also TCP packet flags that enable a connection to be made
and retained. There is also connection state that can be monitored.

The important consideration is whether the client establishes a
connection with the server after being notified of the event channel.
If it does then our firewalls can treat this as an established
connection AND server firewalls need to accept incoming calls on that
port.

I don't have a machine here I can play with (they are all working
machines) but at home I do.

Would be handy to have Ethereal to monitor as well so I might need to
humbug my son for his laptop for a while.

>
> > After you get this going you could investigate Zebedee so that your
> > data (which includes events) has some protection. I understand that it
> > can compress as well.
>
> Just downloaded it. I'll give it a try...
Might be a good idea to get things going first.

>
> Thanks.
> John



Mick
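
The point about IP addresses, port numbers and connection state, as an added example that is not part of the original message: a toy Python model of a connection-tracking NAT firewall, assuming the client is the side that opens the event connection to the server. The addresses and event port 3051 are constructed values; 3050 is Firebird's default listener port.

```python
from dataclasses import dataclass, field

SERVER_IP = "203.0.113.10"  # constructed (documentation range)
DB_PORT = 3050              # Firebird's default listener port
EVENT_PORT = 3051           # constructed: port the server reports for the event channel


@dataclass
class NatFirewall:
    """Client-side NAT firewall: default-deny inbound, tracks outbound connections."""
    wan_ip: str
    next_port: int = 40000  # constructed: first WAN source port handed out
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    table: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN client opens a connection: record state, rewrite the source."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(wan_port, dst_ip, dst_port)] = (lan_ip, lan_port)
        return self.wan_ip, wan_port

    def inbound(self, src_ip, src_port, wan_port):
        """A packet from the WAN is forwarded only if it matches tracked state."""
        return self.table.get((wan_port, src_ip, src_port))  # None means dropped


def server_accepts(open_ports, dst_port):
    """Server-side firewall: new inbound connections only on opened ports."""
    return dst_port in open_ports


def run_demo():
    nat = NatFirewall(wan_ip="198.51.100.7")  # constructed address
    delivered = {}
    # Two LAN clients, same local source port, both subscribe to events.
    for lan_ip in ("192.168.1.11", "192.168.1.12"):
        _, wan_port = nat.outbound(lan_ip, 50000, SERVER_IP, EVENT_PORT)
        if server_accepts({DB_PORT, EVENT_PORT}, EVENT_PORT):
            # The notification travels back over the connection the client opened.
            delivered[lan_ip] = nat.inbound(SERVER_IP, EVENT_PORT, wan_port)
    # A server-initiated packet with no matching state has no LAN destination.
    unsolicited = nat.inbound(SERVER_IP, EVENT_PORT, 45000)
    return delivered, unsolicited


if __name__ == "__main__":
    print(run_demo())
```

Each client's notification comes back to the right LAN host because the firewall keys its state on the WAN source port it assigned, while the unsolicited packet is dropped for lack of any matching entry.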