RE: [Sheflug] Re: Iptables
>you can fool the firewall into thinking that the incoming connection is
>related to an existing one, then you've got your way around the
>firewall.
Like opening a connection - using, say, IRC - and then passing special
packets?
>Using 192.168.* doesn't mean that it's unroutable, per se. Hackers don't
>obey rules - so, if they are able to get close enough to your network so
>that they can see your 'private' traffic,
Like if a malcontent has gained access to a router "close" to the private
network?
Re "unroutableness" of RFC 1918 IP addresses. I imagine that most Internet
routers would drop packets destined to and from those ranges. Though I
notice Blueyonder uses a 10.x.y.z address for its internal DHCP servers - is
this standard practice for ISPs and network carriers?
>Using a masquerading firewall, allowing outgoing packets and incoming
>packets not starting connections (the 'three line firewall') offers you
>as much protection as you need. Most complicated firewall systems are
>necessary when you start wanting to do more complicated things: host a
>CVS server, receive incoming SMTP mail, etc.
Re that sort of thing. How does the order of the rule sets work in
iptables? I'm trying to port-forward some services and would like internal
clients to use the same address as external clients. I've read the
netfilter and Masq HOWTOs, but if anybody can recommend any other
resources... or books... I like the printed word; it's good for trains and
park benches in summer ;-)
TIA
Alan Dawson
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.