Date: Wed, 03 Aug 2005 18:08:36 -0500
From: eculp@bafirst.com
To: freebsd-questions@freebsd.org
Subject: RE: A secure connection to an SCO Unix 5.2 behind a pf firewall.
Message-ID: <20050803180836.gz9e3bme8gg40s0k@mail.bafirst.com>
In-Reply-To: <017301c59879$ac40cd80$c901a8c0@workdog>
References: <017301c59879$ac40cd80$c901a8c0@workdog>

Quoting Gayn Winters <gayn.winters@mail.bristolsystems.com>:

>
>> -----Original Message-----
>> From: owner-freebsd-questions@freebsd.org
>> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of
>> eculp@bafirst.com
>> Sent: Wednesday, August 03, 2005 3:07 PM
>> To: freebsd-questions@freebsd.org
>> Subject: A secure connection to an SCO Unix 5.2 behind a pf firewall.
>>
>>
>> I installed a FreeBSD6.0 server/firewall for a remote customer about a
>> week ago.  Today they told me that on their LAN they had a Unix box
>> that runs their internal ascii based accounting system that they have
>> been accessing by modem from home.  Now they want to access it over the
>> Internet.  The box is a pentiumIII running a SCO unixV from 1990 or
>> 2000 with no secure anything that I have been able to find.  In fact
>> the company who maintains their system uses uucp for updating.  I was
>> thinking ipsec, originally but now I don't see a way to configure the
>> SCO end of a tunnel.  The server has a simple pf firewall with only a
>> few ports open and opening ports isn't a problem.  The application is a
>> terminal session.  Thirty users log in to it as root all with windows
>> terminal sessions except for the modem connections and to make it more
>> fun I shouldn't modify the SCO box because of their service contract.
>>
>> I would appreciate any suggestions for a reasonably secure solution.  I
>> just found all this out and am totally blank.
>>
>> thanks,
>>
>> ed
>>
>>
> If your client is willing to use yet another box, you could front-end
> the old SCO box with a dual port FBSD box and establish a secure tunnel
> to the FBSD box.  This could also be done with a low-end firewall.

Thanks, gayn.  I assume that you mean installing it on the LAN behind
the firewall and opening the tunnel to it.  I thought of that and
mentioned it to them but found less than an enthusiastic response, that
I expected.  They don't understand the value, unfortunately.

I guess I could do something like that with a jail, I would just need
an extra IP, I guess.

Thanks again,

ed