-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I do something like this, though with a different database server. What I did was setup an SSH server and then forward all ssh traffic from the firewall to the SSH box. Then I use an SSH client (teraterm ssh) on the external windows clients and have those forward http (database front end is web) to the internal web server IP address and forward the database command port to the internal database server IP address. I had to make an Lmhosts entry also for the database server. I don't know if this will work with what you are doing or not. You can limit who gets in with ssh allow options. Perhaps this would add too much processing overhead to what you are attempting, too, but it's a little more secure than just opening all the ports in the firewall. - -Matt - -----Original Message----- From: Thomas_Janke@prisma-edv.de [mailto:Thomas_Janke@prisma-edv.de] Sent: Friday, November 02, 2001 6:09 AM To: Alex Levit Cc: suse-security@suse.com Subject: Re: [suse-security] firewall-config: Allow external computers to access internal services Well, I have a Sybase server running on an internal computer. A Zope-Server needs to have access to that computer. So a certain number of ports should be available. Is there a way to bypass the firewall for exactly one external computer? I heard something about /etc/fw_friends, but setting this didn't work. Thanks for your help Thomas - -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.1 Int. for non-commercial use http://www.pgpinternational.com iQA/AwUBO+K+XmCxI19Ln0TAEQL/wACZAe0LH6k7c1cyBNkWIco0oo2CWvUAoJYp H9hMwbvleVZOpI2zzm9/MTPg =OzVe -----END PGP SIGNATURE-----