1999-03-26-15:48:22 Anja Kuehl:
> we have a TIS firewall toolkit in our institute and we were asked several
> times whether our firewall supports ssh. I know that TIS offers no
> ssh proxy for their fwtk. Does anybody know how to solve the problem? Or is
> it already solved?

I've proxied ssh through a Gauntlet using plug-gw. You can define the list of
src IP addresses that are permitted to each destination. Choose a different TCP
port for each destination you want to support, and use the "Host" paragraph in
the ~/.ssh/config file for the user, that specifies a "Port" and "HostName". I
use the IP addr of the firewall as the HostName.

For allowing ssh tunnels from a short list of authorized client machines to a
handful of systems in the DMZ, this works great. I wouldn't recommend allowing
ssh outbound more generally, since you have no control over the content
passing through that tunnel.

-Bennett
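
The setup described in the reply above, written out as an added example (not configuration from the original post). The plug-gw rule form shown is assumed from the fwtk netperm-table format, so check it against your toolkit's plug-gw man page. All addresses, port numbers and host aliases are constructed placeholders, and the HostKeyAlias lines are an addition that keeps a separate known-hosts entry per destination, since every entry connects to the same firewall address.

```conf
# ---- Firewall: netperm-table (fwtk / Gauntlet), plug-gw rules ----
# Assumed rule form:
#   plug-gw: port <listen-port> <permitted-src> -plug-to <dest> -port <dest-port>
# One listening port per DMZ destination. Only the listed source
# addresses may connect to each port; there is no wildcard source rule.
plug-gw: port 2201 198.51.100.10 -plug-to 203.0.113.21 -port 22
plug-gw: port 2202 198.51.100.10 -plug-to 203.0.113.22 -port 22
plug-gw: port 2202 198.51.100.11 -plug-to 203.0.113.22 -port 22

# ---- Authorized client: ~/.ssh/config ----
# HostName is the firewall's address (placeholder 192.0.2.1), not the
# DMZ host. The Port selects which destination plug-gw relays to.
Host dmz-web
    HostName 192.0.2.1
    Port 2201
    # Store this destination's host key under its own name, so the two
    # DMZ hosts do not collide on the firewall's address.
    HostKeyAlias dmz-web

Host dmz-db
    HostName 192.0.2.1
    Port 2202
    HostKeyAlias dmz-db
```

With this in place, `ssh dmz-web` from 198.51.100.10 reaches 203.0.113.21 through the firewall, and the same command from a source address with no matching plug-gw rule is refused at the firewall.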
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
