http://g.raphaelli.com/tags/firewall/feed.atom 2009-01-12T10:45:44Z Zine tag:g.raphaelli.com,2009-01-09/entry:2009/1/9/defeating-firewalls-with-gearmand 2009-01-12T10:45:44Z 2009-01-12T10:42:00Z g <p>Gearman can be handy for defeating security in situations like the one pictured: </p><div style="text-align: center;"><img src="http://static.g.raphaelli.com/images/2009/01/12/host-setup.png"></div> Here, Host A can initiate connections to Host B but Host B is blocked by a firewall/router ACL/etc from initiating communications with Host A.<p></p> <p>With gearman, you can call a service on Host A from Host B with a setup like this: </p><div style="text-align: center;"><img src="http://static.g.raphaelli.com/images/2009/01/12/gearman-rpc.png"></div> <ol> <li>Run a gearmand job server on host B (or any host that A and B can both reach).</li> <li>Register a gearman worker running on Host A with that job server.</li> <li>Submit work from a client running on Host B to that job server.</li> </ol> <p></p> <p>This idea can be taken another step by chaining workers together such that calling abc() as depicted above creates a job that Host C, which can't reach or be reached by Host B at all, can ultimately execute. That kind of setup makes it increasingly difficult to track an individual task's real status but it can be handy in a pinch.</p>