The point of tunneling is to go through firewalls
(well, in your case, anyway).  This is why the 
firewall is rendered useless.

If the endpoints of the SSH link have firewalling
capabilities you can regain a little bit of
security by firewalling the link at the endpoints
rather than the firewall you're piercing.

For example, if the endpoints were Linux, you
could use ipfw or ipchains to block all but
approved traffic.


~Patrick


> -----Original Message-----
 
> 
> Hello,
> 
> We are thinking of tunneling Telnet and/or VNC through SSH 
> across a firewall. One of the questions I have is as follows:
> once SSH is allowed through a firewall, how can you restrict 
> what is being tunneled through it? Let's say I only want 
> Telnet tunneled. I am advised that once you open up the 
> tunnel, any protocol can flow through it and I would have no 
> way of blocking that.
> 
> Ideas, insights, recommendations, white papers, websites 
> about tunneling are all welcome.
> 
> Thanks a lot.
> 
> Saxo
> 
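
The endpoint filtering suggested in the reply, as an added example that is not part of the original thread. It uses iptables (the successor to ipchains on Linux) instead of the tools named above; the account name `tunnel`, the address 192.0.2.10 and the function `tunnel_rules` are constructed for illustration. It assumes sshd opens forwarded connections under the logged-in account's uid, so the owner match applies to them.

```shell
#!/bin/sh
# Added example: emit iptables rules that limit what an SSH tunnel account
# can reach from the SSH server endpoint. Names and addresses are constructed.

# tunnel_rules USER DEST_IP PORT
# Prints iptables-restore input; nothing is applied to the running system.
tunnel_rules() {
    user=$1 dest=$2 port=$3

    # Accept only a plain account name, a dotted-quad address and a port.
    case $user in ''|*[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;; esac
    case $dest in ''|*[!0-9.]*)     echo "bad address: $dest" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*)      echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    cat <<EOF
*filter
# Assumption: forwarded connections are opened by the sshd process running
# as the logged-in account, so they can be matched by socket owner.
-A OUTPUT -p tcp -m owner --uid-owner $user -d $dest --dport $port -j ACCEPT
# Anything else that account tries to open is logged, then refused.
-A OUTPUT -m owner --uid-owner $user -j LOG --log-prefix "ssh-tunnel-deny: "
-A OUTPUT -m owner --uid-owner $user -j REJECT
COMMIT
EOF
}

# Constructed sample: account "tunnel" may reach Telnet on 192.0.2.10 only.
tunnel_rules tunnel 192.0.2.10 23
```

The script only prints the ruleset; review it before loading it on the SSH server endpoint with `iptables-restore --noflush` as root.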