A secure connection to an SCO Unix 5.2 behind a pf firewall.

eculp at bafirst.com eculp at bafirst.com
Wed Aug 3 23:08:37 GMT 2005

Quoting Gayn Winters <gayn.winters at mail.bristolsystems.com>:

>> -----Original Message-----
>> From: owner-freebsd-questions at freebsd.org
>> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of
>> eculp at bafirst.com
>> Sent: Wednesday, August 03, 2005 3:07 PM
>> To: freebsd-questions at freebsd.org
>> Subject: A secure connection to an SCO Unix 5.2 behind a pf firewall.
>>
>> I installed a FreeBSD 6.0 server/firewall for a remote customer about a
>> week ago.  Today they told me that on their LAN they had a Unix box
>> that runs their internal ASCII-based accounting system that they have
>> been accessing by modem from home.  Now they want to access it over the
>> Internet.  The box is a Pentium III running a SCO unixV from 1990 or
>> 2000 with no secure anything that I have been able to find.  In fact
>> the company who maintains their system uses uucp for updating.  I was
>> thinking ipsec, originally, but now I don't see a way to configure the
>> SCO end of a tunnel.  The server has a simple pf firewall with only a
>> few ports open and opening ports isn't a problem.  The application is a
>> terminal session.  Thirty users log in to it as root, all with Windows
>> terminal sessions except for the modem connections, and to make it more
>> fun I shouldn't modify the SCO box because of their service contract.
>> I would appreciate any suggestions for a reasonably secure solution.  I
>> just found all this out and am totally blank.
>> thanks,
>> ed
>
> If your client is willing to use yet another box, you could front-end
> the old SCO box with a dual port FBSD box and establish a secure tunnel
> to the FBSD box.  This could also be done with a low-end firewall.

Thanks, gayn.

I assume that you mean installing it on the LAN behind the firewall and
opening the tunnel to it.  I thought of that and mentioned it to them
but found less than an enthusiastic response, which I expected.  They
don't understand the value, unfortunately.  I guess I could do
something like that with a jail; I would just need an extra IP, I guess.

Thanks again,

