Methods to access device IP inside a firewall through production ROR app

I have a ROR application that needs to access a device with it’s own IP
within my firewall. Within the network, the device IP is accessible
through
Ruby scripts utilizing TCP/IP protocol. I need a list of possible
methods
and implementations ( NOT PORT FORWARDING ) to spin a server behind this
firewall to serve up data to the ROR application when it is on a
production
server. Anyone with any ideas please let me know.

Gregory Perrin wrote in post #1102504:

I have a ROR application that needs to access a device with it’s own IP
within my firewall. Within the network, the device IP is accessible
through
Ruby scripts utilizing TCP/IP protocol. I need a list of possible
methods
and implementations ( NOT PORT FORWARDING ) to spin a server behind this
firewall to serve up data to the ROR application when it is on a
production
server. Anyone with any ideas please let me know.

I hope the answer to this question is that there are absolutely NO
methods or implementations to solve this “problem.” This is the whole
point to a firewall! If you could gain access to the machines behind a
firewall then there’s absolutely no point whatsoever in having a
firewall in the first place.

There’s a name for applications that do exactly this. They’re called
malware!

On Fri, Mar 22, 2013 at 7:27 AM, Robert W. [email protected]
wrote:

I hope the answer to this question is that there are absolutely NO
methods or implementations to solve this “problem.” This is the whole
point to a firewall! If you could gain access to the machines behind a
firewall then there’s absolutely no point whatsoever in having a
firewall in the first place.

Sorry, that’s wildly overstated. Many firewalls exist for the purpose
of limiting, not preventing traffic between systems, .e.g. creating
a DMZ for a corporate web or mail server (or server farm).

It would be possible to allow a tightly constrained inbound access,
but if the firewall owner is like most corporate IT types, getting that
approved would admittedly be tough.

So an alternate (very general) answer to the OP’s problem would be
to proxy the device data out to the web server.


Hassan S. ------------------------ [email protected]
http://about.me/hassanschroeder
twitter: @hassan

On Mar 22, 2013, at 11:17 AM, Hassan S. wrote:

Sorry, that’s wildly overstated. Many firewalls exist for the purpose
of limiting, not preventing traffic between systems, .e.g. creating
a DMZ for a corporate web or mail server (or server farm).

It would be possible to allow a tightly constrained inbound access,
but if the firewall owner is like most corporate IT types, getting that
approved would admittedly be tough.

The original question specified: ip address on the internal network, and
no port forwarding–calling that impossible is not overstating
anything :wink:


Scott R.
[email protected]
http://www.elevated-dev.com/
(303) 722-0567 voice

On Fri, Mar 22, 2013 at 12:54 PM, Scott R.
[email protected] wrote:

The original question specified: ip address on the internal network, and no port
forwarding–calling that impossible is not overstating anything :wink:

Well, I’d suggest that a smart proxy/relay would not be considered
“port forwarding” (and fit the bill), but it’s obviously easier and more
secure to just push the data out from inside.


Hassan S. ------------------------ [email protected]
http://about.me/hassanschroeder
twitter: @hassan

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs