From owner-freebsd-security  Sat Sep 25  2:35:35 1999
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id AC4B214D89
	for <freebsd-security@FreeBSD.ORG>; Sat, 25 Sep 1999 02:35:32 -0700 (PDT)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.3) id LAA92611;
	Sat, 25 Sep 1999 11:35:20 +0200 (CEST)
	(envelope-from des)
To: tim@iafrica.com.na
Cc: The Mad Scientist <madscientist@thegrid.net>,
	freebsd-security@FreeBSD.ORG
Subject: Re: Secure gateway to intranet
References: <4.1.19990923205643.0095ce70@mail.thegrid.net> <99092413411000.21169@310.priebe.alt.na>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 25 Sep 1999 11:35:19 +0200
In-Reply-To: Tim Priebe's message of "Fri, 24 Sep 1999 13:28:37 +0200"
Message-ID: <xzpzoybxrjc.fsf@flood.ping.uio.no>
Lines: 11
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Tim Priebe <tim@iafrica.com.na> writes:
> My solution to a similar problem is to use ipfw rules, together with ssh. I
> have a small number of fixed ip addresses on the outside, that are allowed to
> connect to a small number of fixed addresses on the inside. Logging can be done
> with the tcp setup packets.

Won't work if the internal network is NATed.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message