From: eculp@bafirst.com
To: freebsd-questions@freebsd.org
Date: Wed, 03 Aug 2005 18:08:36 -0500
Subject: RE: A secure connection to an SCO Unix 5.2 behind a pf firewall.
Message-ID: <20050803180836.gz9e3bme8gg40s0k@mail.bafirst.com>
In-Reply-To: <017301c59879$ac40cd80$c901a8c0@workdog>
References: <017301c59879$ac40cd80$c901a8c0@workdog>

Quoting Gayn Winters:

>> -----Original Message-----
>> From: owner-freebsd-questions@freebsd.org
>> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of
>> eculp@bafirst.com
>> Sent: Wednesday, August 03, 2005 3:07 PM
>> To: freebsd-questions@freebsd.org
>> Subject: A secure connection to an SCO Unix 5.2 behind a pf firewall.
>>
>> I installed a FreeBSD 6.0 server/firewall for a remote customer about a
>> week ago. Today they told me that on their LAN they had a Unix box
>> that runs their internal ASCII-based accounting system that they have
>> been accessing by modem from home. Now they want to access it over the
>> Internet. The box is a Pentium III running a SCO Unix V from 1990 or
>> 2000 with no secure anything that I have been able to find. In fact
>> the company who maintains their system uses uucp for updating. I was
>> thinking IPsec originally, but now I don't see a way to configure the
>> SCO end of a tunnel. The server has a simple pf firewall with only a
>> few ports open and opening ports isn't a problem. The application is a
>> terminal session. Thirty users log in to it as root, all with Windows
>> terminal sessions except for the modem connections, and to make it more
>> fun I shouldn't modify the SCO box because of their service contract.
>>
>> I would appreciate any suggestions for a reasonably secure solution. I
>> just found all this out and am totally blank.
>>
>> thanks,
>>
>> ed
>
> If your client is willing to use yet another box, you could front-end
> the old SCO box with a dual port FBSD box and establish a secure tunnel
> to the FBSD box. This could also be done with a low-end firewall.

Thanks, Gayn.

I assume that you mean installing it on the LAN behind the firewall and opening the tunnel to it. I thought of that and mentioned it to them but found less than an enthusiastic response, that I expected. They don't understand the value, unfortunately.

I guess I could do something like that with a jail; I would just need an extra IP, I guess.

Thanks again,

ed