From owner-freebsd-questions@FreeBSD.ORG Wed Aug 3 22:06:41 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0E04116A41F for ; Wed, 3 Aug 2005 22:06:41 +0000 (GMT) (envelope-from eculp@bafirst.com) Received: from bafirst.com (72-12-2-214.wan.networktel.net [72.12.2.214]) by mx1.FreeBSD.org (Postfix) with ESMTP id D26E143D53 for ; Wed, 3 Aug 2005 22:06:38 +0000 (GMT) (envelope-from eculp@bafirst.com) Received: from localhost (localhost [127.0.0.1]) (uid 80) by bafirst.com with local; Wed, 03 Aug 2005 17:06:37 -0500 id 00095809.42F13FED.0001148D Received: from dsl-201-144-81-185.prod-infinitum.com.mx (dsl-201-144-81-185.prod-infinitum.com.mx [201.144.81.185]) by mail.bafirst.com (Horde MIME library) with HTTP; Wed, 03 Aug 2005 17:06:37 -0500 Message-ID: <20050803170637.yt81qbrw0swg0gg0@mail.bafirst.com> Date: Wed, 03 Aug 2005 17:06:37 -0500 From: eculp@bafirst.com To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) 4.1-cvs Subject: A secure connection to an SCO Unix 5.2 behind a pf firewall. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Aug 2005 22:06:41 -0000 I installed a FreeBSD6.0 server/firewall for a remote customer about a week ago. Today they told me that on there LAN they had a Unix box that runs their internal ascii based accounting system that they have been accessing by modem from home. Now they want to access it over the Internet. The box is a pentiumIII running a SCO unixV from 1990 or 2000 with no secure anything that I have been able to find. In fact the company who maintains their system uses uucp for updating. I was thinking ipsec, originally but now I don't see a way to configure the SCO end of a tunnel. The server has a simple pf firewall with only a few ports open and opening ports isn't a problem. The application is a terminal session. Thirty users login in to it as root all with windows terminal sessions except for the modem connections and to make it more fun I shouldn't modify the SCO box because of their service contract. I would appreciate any suggestions for a reasonably secure solution. I just found all this out and am totally blank. thanks, ed