From owner-freebsd-security Sun Sep 26 4:22:58 1999
Delivered-To: freebsd-security@freebsd.org
Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (Postfix) with ESMTP id 192EB14C16 for ; Sun, 26 Sep 1999 04:22:54 -0700 (PDT) (envelope-from roberto@keltia.freenix.fr)
Received: (from uucp@localhost) by frmug.org (8.9.3/frmug-2.5/nospam) with UUCP id NAA20209 for freebsd-security@FreeBSD.ORG; Sun, 26 Sep 1999 13:22:53 +0200 (CEST) (envelope-from roberto@keltia.freenix.fr)
Received: by keltia.freenix.fr (Postfix, from userid 101) id 3B6ED8711; Sun, 26 Sep 1999 12:32:41 +0200 (CEST)
Date: Sun, 26 Sep 1999 12:32:41 +0200
From: Ollivier Robert
To: freebsd-security@FreeBSD.ORG
Subject: Re: Secure gateway to intranet
Message-ID: <19990926123241.B18956@keltia.freenix.fr>
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References: <4.1.19990923205643.0095ce70@mail.thegrid.net> <199909251858.OAA39078@cc942873-a.ewndsr1.nj.home.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/1.0pre2i
In-Reply-To: <199909251858.OAA39078@cc942873-a.ewndsr1.nj.home.com>
X-Operating-System: FreeBSD 4.0-CURRENT/ELF ctm#5593 AMD-K6 MMX @ 200 MHz
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

According to Crist J. Clark:
> Hmmm... Is there a reason not to just let ssh take care of this for
> you? That is, have the hosts on the other end only accept certain
> users?

Yes, port forwarding. You have no way to control if a user uses port forwarding or not. For incoming connections it is easy to block because you can compile sshd with it port fwd but for outgoing, it is more difficult. One can always recompile a ssh with port fwd... And while port fwd is great (I use it every day for CVSup for example), it can be really abused...
-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 4.0-CURRENT #74: Thu Sep 9 00:20:51 CEST 1999

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message