Quoting Gayn Winters <[EMAIL PROTECTED]>:
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, August 03, 2005 3:07 PM
To: freebsd-questions@freebsd.org
Subject: A secure connection to an SCO Unix 5.2 behind a pf firewall.
I installed a FreeBSD6.0 server/firewall for a remote
customer about a
week ago. Today they told me that on there LAN they had a Unix box
that runs their internal ascii based accounting system that they have
been accessing by modem from home. Now they want to access
it over the
Internet. The box is a pentiumIII running a SCO unixV from 1990 or
2000 with no secure anything that I have been able to find. In fact
the company who maintains their system uses uucp for updating. I was
thinking ipsec, originally but now I don't see a way to configure the
SCO end of a tunnel. The server has a simple pf firewall with only a
few ports open and opening ports isn't a problem. The
application is a
terminal session. Thirty users login in to it as root all
with windows
terminal sessions except for the modem connections and to
make it more
fun I shouldn't modify the SCO box because of their service contract.
I would appreciate any suggestions for a reasonably secure
solution. I
just found all this out and am totally blank.
thanks,
ed
If your client is willing to use yet another box, you could front-end
the old SCO box with a dual port FBSD box and establish a secure tunnel
to the FBSD box. This could also be done with a low-end firewall.
Thanks, gayn.
I assume that you mean installing it on the LAN behind the firewall and
opening the tunnel to it. I thought of that and mentioned it to them
but found less that an enthusiastic response, that I expected. They
don't understand the value, unfortunately. I guess I could do
something like that with a jail, I would just need an extra IP, I guess.
Thanks again,
ed
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"