Message-ID: <3AAC802F.16A96146@i-clue.de>
Date: Mon, 12 Mar 2001 08:52:15 +0100
From: Christoph Sold
Reply-To: so@server.i-clue.de
To: Mike Squires
Cc: FreeBSD questions
Subject: Re: Inbound connections to NT4 Server behind FreeBSD natd/firewall
References: <200103101429.f2AET2r37067@ct980320-b.blmngtn1.in.home.com>

Mike Squires wrote:
>
> I use a FreeBSD 4.3-STABLE box as a firewall/natd gateway for my home
> network. I have an NT 4 Server running IIS4/FP 4.0 extensions and Oracle
> 8.1.6 behind that firewall.
>
> The internal network uses non-routing IP numbers; the external network is
> @home's.
>
> I would like to temporarily make the NT4 server accessible for connections
> initiated by outside users for a development project, but can't figure
> out any easy way of doing that. Outbound connections are, of course, a
> piece of cake.
>
> The only solution I can think of would be to map the inbound connections to
> http and FP to the NT4 server in the firewall script, but this would seem to
> be dangerous given my low opinion of NT4 in a DMZ environment.

Several possibilities exist:

- Have your external partner add a route to your network manually into
  his routing table.
- Install a VPN pointing to any FreeBSD box supporting it.
- Use any secure tunnel (needs two boxes, one at your partner, one
  inside your network).
- Have your firewall forward unusual ports to the NT box. (e.g.
  firewall/port 230 -> NT box/port 23 to forward telnet access). Your
  application must be able to specify unusual ports to use this.

HTH
-Christoph Sold
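The port-forwarding option from the reply above, written as a natd configuration file; this is an added example and not part of the original message. The interface name, the file path, the internal and partner addresses, and port 8080 are assumptions. Each redirect is limited to the partner's address so the NT box is not reachable from arbitrary hosts.

```conf
# /etc/natd.conf on the FreeBSD gateway (added example; all values are assumptions)
# fxp0          = external interface (hypothetical name)
# 192.168.1.10  = NT4 server on the internal network (constructed address)
# 203.0.113.7   = partner's public address (documentation-range placeholder)
interface fxp0

# Syntax: redirect_port proto targetIP:targetPORT aliasPORT [remoteIP]
# With remoteIP set, natd redirects only connections coming from that address.

# The unusual-port mapping named in the message: gateway port 230 -> NT box port 23.
redirect_port tcp 192.168.1.10:23 230 203.0.113.7

# The same mapping for HTTP: gateway port 8080 -> NT box port 80.
redirect_port tcp 192.168.1.10:80 8080 203.0.113.7
```

natd has to be restarted to pick up the file, and the redirect lines can be deleted again once the temporary access is no longer needed.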