[Gllug] Firewall Setup Script

David Pashley david at davidpashley.com
Fri Oct 3 22:28:04 UTC 2003


On Oct 03, 2003 at 17:20, Gordon Joly praised the llamas by saying:
> 
> 
> Is a NAT'ed network (say 192.168.xyz.0/24) connected via something
> (dedicated or Linux) considered to be "firewalled" from the outside
> world?
> 
I assume you mean can you rely on the fact that the addresses are
unroutable for security. The simple answer is no. The slightly longer
answer is no, as you are not protecting the NAT device from attack,
at which point an attacker could be able to get on to the local network,
either using the gateway as a stepping stone or by getting a forwarded
connection or similar. The other problem is that you are not doing
anything about outgoing traffic. You only want SMTP traffic to go to one
host (your ISP's server) or come from one host (your local smarthost).
Allowing every machine to send SMTP will result in viruses eating your
bandwidth. (All recent email viruses have their own SMTP engine.)

> Using iptables in Linux or the software in the friendly (ADSL)
> modem/router thingy...
> 

P.S. Your enter key appears to be broken.

-- 
David Pashley
david at davidpashley.com
Nihil curo de ista tua stulta superstitione.
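
The two points in the reply above (filter traffic to the NAT gateway itself, and restrict outgoing SMTP), sketched as an added example that is not part of the original message. Every address and interface name is a constructed placeholder, and it assumes both SMTP restrictions are applied together: only the smarthost may send, and only to the ISP's server.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a NAT gateway.
# All values below are assumed placeholders, not taken from the thread.
LAN_IF="eth0"              # inside interface
WAN_IF="ppp0"              # outside interface
LAN_NET="192.168.1.0/24"   # NAT'ed network
SMARTHOST="192.168.1.10"   # the one internal host allowed to send mail
ISP_RELAY="203.0.113.25"   # ISP mail server (documentation address)

gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Protect the gateway itself; NAT alone does not do this.
# (Add a rule for your own management access before loading.)
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections opened from the LAN.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Outgoing SMTP: smarthost to ISP relay only.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $SMARTHOST -d $ISP_RELAY -p tcp --dport 25 -j ACCEPT
# SMTP from any other LAN host is logged, then dropped. A log hit
# usually means a misconfigured client or an infected machine.
-A FORWARD -i $LAN_IF -p tcp --dport 25 -j LOG --log-prefix "SMTP-EGRESS-DENY: "
-A FORWARD -i $LAN_IF -p tcp --dport 25 -j DROP
# Remaining outbound LAN traffic (tighten further as needed).
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset only when asked: sh thisfile print
if [ "${1:-}" = "print" ]; then
    gen_rules
fi
```

The output can be checked without loading it by piping it to `iptables-restore --test` as root.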