A secure connection to an SCO Unix 5.2 behind a pf firewall.
eculp at bafirst.com
eculp at bafirst.com
Wed Aug 3 23:08:37 GMT 2005
Quoting Gayn Winters <gayn.winters at mail.bristolsystems.com>:
>> -----Original Message-----
>> From: owner-freebsd-questions at freebsd.org
>> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of
>> eculp at bafirst.com
>> Sent: Wednesday, August 03, 2005 3:07 PM
>> To: freebsd-questions at freebsd.org
>> Subject: A secure connection to an SCO Unix 5.2 behind a pf firewall.
>> I installed a FreeBSD6.0 server/firewall for a remote
>> customer about a
>> week ago. Today they told me that on there LAN they had a Unix box
>> that runs their internal ascii based accounting system that they have
>> been accessing by modem from home. Now they want to access
>> it over the
>> Internet. The box is a pentiumIII running a SCO unixV from 1990 or
>> 2000 with no secure anything that I have been able to find. In fact
>> the company who maintains their system uses uucp for updating. I was
>> thinking ipsec, originally but now I don't see a way to configure the
>> SCO end of a tunnel. The server has a simple pf firewall with only a
>> few ports open and opening ports isn't a problem. The
>> application is a
>> terminal session. Thirty users login in to it as root all
>> with windows
>> terminal sessions except for the modem connections and to
>> make it more
>> fun I shouldn't modify the SCO box because of their service contract.
>> I would appreciate any suggestions for a reasonably secure
>> solution. I
>> just found all this out and am totally blank.
> If your client is willing to use yet another box, you could front-end
> the old SCO box with a dual port FBSD box and establish a secure tunnel
> to the FBSD box. This could also be done with a low-end firewall.
I assume that you mean installing it on the LAN behind the firewall and
opening the tunnel to it. I thought of that and mentioned it to them
but found less that an enthusiastic response, that I expected. They
don't understand the value, unfortunately. I guess I could do
something like that with a jail, I would just need an extra IP, I guess.
More information about the freebsd-questions