On Fri, 20 Oct 1995, Mark wrote:
< Description of making term(1) use udp deleted>
> The advantage was I don't need root at either end to run any of my processes.
> Also I can easily (and have, up to the latest versions of term) put in
> firewalling code so no one can do anything at all from the remote end to my
> end.
>
> Your situation above requires root access to set up the ppp side of things
> but gives the benefit of IP connectivity through any stream, be it IP, X25
> or IPX. I'm not sure how easy it is for you to filter out bad guy packets.

I have root access to the machines on both sides, so that is not
a problem.

What we have is two C class nets, both connected to the Internet.
A user developing software on one of the nets needs to use the other
net "as his own", and among other things use SUN RPC-based services.
If I've learned anything by reading this list, it's to disallow
such a thing.

With the ppp/ssh solution all I would have to let in through our packet
filter is tcp/22 (ssh port) to a possibly dedicated machine running
sshd+pppd. The ssh daemon would use RSA authentication to authenticate
the other party. Since anything transmitted after that is encrypted,
the channel should be secure.

We might use a dedicated leased line instead of the Internet to do
this, but I would like to make the link tamper-proof anyway.

To try it out, I could use a couple of leftover 386 PCs running Linux
(which I'm familiar with) or FreeBSD, to see how it performs. Of course
there is a lot of overhead with the encryption and packaging, but
the link doesn't need to be blazingly fast.

Of course making routing work correctly is another headache. Ack! :-P

- Mikael -
-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-
Mikael .
Suokas @
hut .
fi
http://www.hut.fi/~csuokas/index.html
Helsinki University of Technology