On Tue, 2006-11-14 at 00:56 +0000, Dave Mitchell wrote:
Of course it does. It can't work with dynamic NATs as it uses IP (and reserved TCP port) for access check but rsh is just a simple TCP connection to a well-known port.
The rsh protocol requires the server to make a second TCP connection back to a low-numbered ephemeral port specified by the client, for the stderr channel. If you haven't got a stateful, inspecting firewall, you're hosed.
Why do you say such a thing? I don't have a stateful, inspecting firewall -- but rsh seems to work fine.
In fact, I don't have a firewall at all -- firewalls just break things. In general, firewalls are a band-aid to patch over broken software; a poor substitute for proper security.