On Sat, 16 May 2009, Lois Bennett wrote:

>> Are you absolutely sure you don't want to forward port 22/tcp to the
>> inside machine, and so make your system a tiny bit simpler?
>>
> I am not sure.  The idea is to protect the inner system.  It may be
> that a simple port forwarding would accomplish that but I am not sure
> I can convince my boss.  If I were to do a simple port forwarding this
> bastion machine would only have port 22 open to the outside world and
> then a port to the inner system.  A user will not log in to it but only
> connect to it.  I will look into port forwarding. Thanks

for example, what if he needs to connect to multiple systems on the 
inside, a simple port forwarder won't do this easily (if at all)

or what if he wanted to ensure that if port forwarding is accidentally
enabled on the inside system it doesn't get out?

or what if he's in an environment that mandates extensive monitoring and 
logging of remote sessions? he would need a point where the session is not 
encrypted to do this.

David Lang
_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
