Date: Fri, 24 Sep 1999 13:28:37 +0200
From: Tim Priebe <tim@iafrica.com.na>
To: The Mad Scientist <madscientist@thegrid.net>, freebsd-security@freebsd.org
Subject: Re: Secure gateway to intranet
Message-ID: <99092413411000.21169@310.priebe.alt.na>
References: <4.1.19990923205643.0095ce70@mail.thegrid.net>

On Fri, 24 Sep 1999, The Mad Scientist wrote:
> All,
> I am looking for a secure way to log into a machine on an intranet.
> Here's what I have in mind.
> A user ssh-es to a machine on the border network.  Her shell is a
> script/program that asks for a name of an internal machine, then ssh-es to
> that machine after an authentication.  This way, I could only open the
> border and internal routers up to that machine and a proxy server and I
> could have a log of who goes where.  I'd also like to be able to set up
> some kind of acl in the proggie/script that dictates which users can go to
> which machines.  For authentication, a username/pass will do for now, but
> later I'd like to expand it to some kind of one time card.  Some kind of
> transparent secure file transfer would also be great.
> Now, here's what I am interested in knowing.  What would be a simple and
> secure way to implement this.  (I was thinking of perl)  What sort of
> things should I be wary of when setting this up?  Is this even advisable? ^_^
> Thanks in advance,
> -Dean

My solution to a similar problem is to use ipfw rules, together with ssh. I
have a small number of fixed ip addresses on the outside, that are allowed to
connect to a small number of fixed addresses on the inside. Logging can be done
with the tcp setup packets.

Tim.
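
The kind of rule set Tim describes, sketched as an added example (not part of the original message and not Tim's actual configuration). The interface name, the addresses (documentation and private ranges), the rule numbers and ssh on port 22 are all assumptions; the script prints the ipfw commands as a dry run unless IPFW is pointed at the real binary.

```shell
#!/bin/sh
# Added example: ipfw rules for a fixed outside -> inside ssh allow-list.
# Everything below is assumed for illustration: interface name, addresses
# (documentation / private ranges), rule numbers, and ssh on port 22.

OUT_IF="fxp0"              # assumed outside-facing interface
INSIDE_NET="10.0.0.0/24"   # assumed internal network
# Dry run by default: prints the commands. Set IPFW=/sbin/ipfw to apply.
IPFW="${IPFW:-echo ipfw}"

# Constructed allow-list: "outside_address inside_address", one pair per line.
ALLOWED_PAIRS="
192.0.2.10   10.0.0.5
192.0.2.10   10.0.0.6
198.51.100.7 10.0.0.5
"

emit_rules() {
    n=1000
    # Non-SYN packets of existing TCP connections pass without logging.
    $IPFW add "$n" allow tcp from any to any established
    echo "$ALLOWED_PAIRS" | while read -r src dst; do
        [ -n "$src" ] || continue   # skip blank lines in the list
        n=$((n + 10))
        # "setup" matches only the initial SYN, so "log" records one line
        # per connection attempt: who went where, and when.
        $IPFW add "$n" allow log tcp from "$src" to "$dst" 22 in via "$OUT_IF" setup
    done
    # Any other new inbound connection to the inside is refused and logged.
    $IPFW add 65000 deny log tcp from any to "$INSIDE_NET" in via "$OUT_IF" setup
}

emit_rules
```

Logged packets only show up when ipfw logging is enabled in the kernel (the IPFIREWALL_VERBOSE option or the net.inet.ip.fw.verbose sysctl).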
