On Friday 04 January 2002 08:38 am, Rob van der Heij wrote:
> > One way we've used is to set up a Linux guest with IP port forwarding
> > turned on, and install a ssh client on the workstations. We use ssh to
> > redirect a high-numbered port on the local workstation to another
> > high-number port on the Linux guest and have the Linux guest forward the
> > resulting connection to port 23 on the 3270 host. We then configure the
> > 3270 client to talk to the high-number port on the local workstation;
> > presto, encrypted traffic w/o buying new clients.
>
> I hope you also run a firewall on your workstation that prevents others
> from telnetting to your high-numbered port and get tunneled via your
> encrypted connection to the host, but just failed to tell us that part of
> the solution ... ;-)

Yes, correct. We use this on our LAN-based hosts, behind the firewall, for
outbound connections. The firewall rules on the machine running the client
end of the tunnel should disallow connection to the high-numbered port from
anywhere except the local host.

Scott

--
-----------------------+------------------------------------------------------
Scott Courtney         | "I don't mind Microsoft making money. I mind them
[EMAIL PROTECTED]      | having a bad operating system." -- Linus Torvalds
http://www.4th.com/    | ("The Rebel Code," NY Times, 21 February 1999)
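
The loopback-only requirement discussed in this thread, as an added example that is not part of the original e-mails: a check that flags high-numbered listening ports reachable from other machines. It assumes a Linux workstation with `ss`; the host name, user, port numbers and sample lines are hypothetical and constructed.

```shell
#!/bin/sh
# Added example; host names, ports and the sample data are hypothetical.
#
# Tunnel as described in the thread, with the local end pinned to loopback:
#   ssh -N -L 127.0.0.1:10023:127.0.0.1:10023 user@linux-guest
# (-L [bind_address:]port:host:hostport. Without -g or "GatewayPorts yes",
# ssh binds local forwards to loopback only.)

# exposed_listeners MIN_PORT
# Reads `ss -ltnH`-style lines on stdin and prints every listening socket on
# a port >= MIN_PORT whose local address is not loopback.
exposed_listeners() {
    awk -v min="$1" '
        $1 == "LISTEN" {
            local_ep = $4                      # e.g. 127.0.0.1:10023
            n = split(local_ep, parts, ":")
            port = parts[n]                    # text after the last colon
            addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
            if (port + 0 < min + 0) next       # not a high-numbered port
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print local_ep                     # reachable from the network
        }'
}

# Constructed sample of `ss -ltnH` output for illustration.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:10023 0.0.0.0:*
LISTEN 0 128 0.0.0.0:10024 0.0.0.0:*
LISTEN 0 128 [::1]:10023 [::]:*
LISTEN 0 128 *:10025 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# On a live workstation: ss -ltnH | exposed_listeners 1024
sample_listeners | exposed_listeners 1024
```

Any line printed is a tunnel entry point that another host could connect to unless a local firewall rule blocks it.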
