Date:      Wed, 03 Aug 2005 18:08:36 -0500
From:      eculp@bafirst.com
To:        freebsd-questions@freebsd.org
Subject:   RE: A secure connection to an SCO Unix 5.2 behind a pf firewall.
Message-ID:  <20050803180836.gz9e3bme8gg40s0k@mail.bafirst.com>
In-Reply-To: <017301c59879$ac40cd80$c901a8c0@workdog>
References:  <017301c59879$ac40cd80$c901a8c0@workdog>

Quoting Gayn Winters <gayn.winters@mail.bristolsystems.com>:

>
>> -----Original Message-----
>> From: owner-freebsd-questions@freebsd.org
>> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of
>> eculp@bafirst.com
>> Sent: Wednesday, August 03, 2005 3:07 PM
>> To: freebsd-questions@freebsd.org
>> Subject: A secure connection to an SCO Unix 5.2 behind a pf firewall.
>>
>>
>> I installed a FreeBSD 6.0 server/firewall for a remote customer about a
>> week ago.  Today they told me that on their LAN they had a Unix box
>> that runs their internal ASCII-based accounting system that they have
>> been accessing by modem from home.  Now they want to access it over the
>> Internet.  The box is a Pentium III running a SCO unixV from 1990 or
>> 2000 with no secure anything that I have been able to find.  In fact
>> the company who maintains their system uses uucp for updating.  I was
>> thinking ipsec originally, but now I don't see a way to configure the
>> SCO end of a tunnel.  The server has a simple pf firewall with only a
>> few ports open and opening ports isn't a problem.  The application is a
>> terminal session.  Thirty users log in to it as root, all with Windows
>> terminal sessions except for the modem connections, and to make it more
>> fun I shouldn't modify the SCO box because of their service contract.
>>
>> I would appreciate any suggestions for a reasonably secure solution.  I
>> just found all this out and am totally blank.
>>
>> thanks,
>>
>> ed
>>
>>
> If your client is willing to use yet another box, you could front-end
> the old SCO box with a dual port FBSD box and establish a secure tunnel
> to the FBSD box.  This could also be done with a low-end firewall.

Thanks, gayn.

I assume that you mean installing it on the LAN behind the firewall and
opening the tunnel to it.  I thought of that and mentioned it to them
but found less than an enthusiastic response, which I expected.  They
don't understand the value, unfortunately.  I guess I could do
something like that with a jail; I would just need an extra IP, I guess.

Thanks again,

ed



