[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Sheflug] Re: Iptables

To: "'Sheffield LUG '" <shef-lug [at] xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Sheflug] Re: Iptables
From: xxxxx [at] xxxxxxxxxxxxxxxxxxx
Date: Sun, 5 May 2002 11:55:31 +0100
Envelope-to: <shef-lug [at] list.sheflug.org.uk>
List-help: <mailto:shef-lug-request [at] list.sheflug.org.uk?subject=help>
List-id: Sheflug <shef-lug.list.sheflug.org.uk>
List-post: <mailto:shef-lug [at] list.sheflug.org.uk>
List-subscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=subscribe>
List-unsubscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=unsubscribe>
Reply-to: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Sender: shef-lug-admin [at] xxxxxxxxxxxxxxxxxxx

>you can fool the firewall into thinking that the incoming connection is
>related to an existing one, then you've got your way around the
>firewall.
Like opening a connection  - using say irc - and then passing special
packets ..?

>Using 192.168.* doesn't mean that it's unroutable, per se. Hackers don't
>obey rules - so, if they are able to get close enough to your network so
>that they can see your 'private' traffic, 

Like if a malcontnet has gained access to a router " close " to the private
network ..?

Re "unroutableness" of RFC 1918 ip addresses.  I imagine that most Internet
routers would drop packets destined to and from those ranges.  Though I
notice Blueyonder uses a 10.x.y.z address for its internal dhcp servers - is
this standard practice for isp's and network carriers ..?

>Using a masquerading firewall, allowing outgoing packets and incoming
>packets not starting connections (the 'three line firewall') offers you
>as much protection as you need. Most complicated firewall systems are
>necessary when you start wanting to do more complicated things: host a
>CVS server, receive incoming SMTP mail, etc.

Re that sort of thing.  How does the order of the rule sets work in
iptables.  I'm trying to portforward some services and would like internal
clients to use the same address as external clients.  I've read the
netfilter and Masq howto's but if anybody can reccomend any other
resources...  or books... I like the printed word ..its good for trains and
park benches in summer  ;-)

TIA 

Alan Dawson
___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.

Follow-Ups:
- RE: [Sheflug] Re: Iptables
  - From: xxxxx

Prev by Date: [Sheflug] Re: Iptables
Next by Date: [Sheflug] Re: Iptables
Previous by thread: [Sheflug] Re: Iptables
Next by thread: RE: [Sheflug] Re: Iptables
Index(es):
- Date
- Thread