You might also want to take a look at IP Tunneling. I haven't tried
it, but the idea is to virtually connect two private networks together via
the Internet, without making the Internet visible to either end. The
original IP addresses get buried in the packets of a tunneling protocol,
instead of being re-mapped. As Nigel points out, this could be a security
concern, if you don't do anything else.

Jack Carroll

On Wed, 24 Jun 1998, Nigel Metheringham wrote:
> [EMAIL PROTECTED] said:
> } When I try to rlogin from 1.1.1.1 to 4.4.4.4 I get a response:
> } rlogind: Permission denied.
>
> rlogin/rsh relies for its "security" on the sender being at a known IP
> address and using a privileged port. Masquerading remaps all the ports
> into a high range of ports, hence it breaks rlogin/rsh.
>
> This should not be looked on as a disadvantage of masquerading. Firstly
> even if the port was mapped into the right range (so that it worked) you
> have just broken your trust model - rather than trusting a listed set of
> machines to use rlogin/rsh you now have to trust the masq machine and
> *all* machines behind it. Secondly the r-protocols are insecure and
> should never be enabled on a machine connected to the internet.
>
> The answer is to use ssh instead - in particular you need to use personal
> certificates rather than per-host certificates since masq breaks the
> host<->host mapping.
>
> Nigel.
> --
> [ [EMAIL PROTECTED] - Systems Software Engineer ]
> [ Tel : +44 113 207 6112 Fax : +44 113 234 6065 ]
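
The two points in the quoted reply, modelled as an added example that is not part of the original thread: a simplified rlogind-style check (privileged source port, then listed address) run against a direct connection, a masqueraded one, and a hypothetical port-preserving masquerade. The masquerading address 192.0.2.1, the unlisted host 10.0.0.66, the high port range and all function names are assumptions made for the illustration.

```python
# Added illustration, not code from the thread. Addresses other than 1.1.1.1
# are constructed; the high port range of the masq box is an assumption.
RESERVED = range(512, 1024)        # source ports a BSD-style rlogind accepts
MASQ_PORTS = range(61000, 65096)   # assumed range masquerading remaps into

def rlogind_check(src_ip, src_port, trusted):
    """Simplified host-based check: privileged source port, then listed address."""
    if src_port not in RESERVED:
        return "denied: source port not privileged"
    if src_ip not in trusted:
        return "denied: host not trusted"
    return "accepted"

def masquerade(inside_ip, inside_port, masq_ip, table, keep_port=False):
    """Rewrite the source the way the masq box does and record the mapping."""
    out_port = inside_port if keep_port else MASQ_PORTS[len(table)]
    table[(masq_ip, out_port)] = (inside_ip, inside_port)
    return masq_ip, out_port       # all the server ever sees

def scenarios():
    masq_ip = "192.0.2.1"                      # constructed external address
    listed, unlisted = "1.1.1.1", "10.0.0.66"  # unlisted host is constructed
    results = {}

    # 1. No masquerading: the server lists the client and sees its real port.
    results["direct"] = rlogind_check(listed, 1023, {listed})

    # 2. Masquerading: the privileged port is remapped into the high range,
    #    so the check fails no matter which addresses the server lists.
    table = {}
    ip, port = masquerade(listed, 1023, masq_ip, table)
    results["masq"] = rlogind_check(ip, port, {listed, masq_ip})

    # 3. Hypothetical port-preserving masquerade: the server must list the
    #    masq address, and then every host behind it passes the check.
    table = {}
    for host, src_port in ((listed, 1023), (unlisted, 1022)):
        ip, port = masquerade(host, src_port, masq_ip, table, keep_port=True)
        results["keep:" + host] = rlogind_check(ip, port, {masq_ip})
    return results

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:16} {verdict}")
```
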