
Re: Newbie, someone have how-to on from-scratch Debian firewall?



On Tue, Nov 07, 2000 at 05:04:39AM -1000, Brian Russo wrote:
> hm if you're using private addressing and doing NAT/PAT ?
> well obviously you can't do that transparently because .. it has no network
> address, the fw that is. 

Sure.

> i don't see how it makes your internal sites more open to attack if
> you're using global's, as you can still apply pretty much the same fw ruleset.

Let's say I run some server behind my firewall and a proxy on my
firewall. In this situation an attacker either has to take over the
firewall, or he/she has to find a way to attack my server through my proxy.
If I just route packages to my server (and this includes port forwarding
which is often used in NAT environments) the attacker can attack my server
directly.

A pretty good example is ftp. Client suffices, no need to run a server.
There are exploits known for active and passive ftp so that your average
script kiddie can open a hole in your firewall in seconds even in a
masquerading environment. So your setup seems to be even easier to break
into.

Michael

-- 
Michael Meskes
Michael@Fam-Meskes.De
Go SF 49ers! Go Rhein Fire!
Use Debian GNU/Linux! Use PostgreSQL!
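
The proxy argument above, applied to the ftp case, as an added example that is not part of the original message: a sketch of the check an application-level FTP proxy can make on `PORT` commands and `227` (PASV) replies before opening a data path, which a plain packet forwarder does not make. The function names and sample lines are constructed for illustration; the `h1,h2,h3,h4,p1,p2` field format is the one defined in RFC 959.

```python
import ipaddress
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal numbers)
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from an RFC 959 host-port field, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_data_endpoint(line, control_peer):
    """Decide whether a proxy should honour a PORT command or a 227 reply.

    control_peer is the address at the other end of the control connection:
    the client for PORT, the server for a 227 reply.
    """
    verb = line.split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return True, "not a data-endpoint message"
    parsed = parse_hostport(line)
    if parsed is None:
        return False, "malformed host-port field"
    ip, port = parsed
    if ip != ipaddress.IPv4Address(control_peer):
        return False, "data address differs from control peer"
    if port < 1024:
        return False, "data port is in the privileged range"
    return True, "ok"

# Constructed sample control-channel lines (not captured traffic).
SAMPLES = [
    ("PORT 192,168,1,10,195,80", "192.168.1.10"),  # own address, port 50000
    ("PORT 192,168,1,20,0,22", "192.168.1.10"),    # names a different host
    ("PORT 192,168,1,10,0,25", "192.168.1.10"),    # own address, port 25
    ("227 Entering Passive Mode (10,0,0,5,4,1)", "10.0.0.5"),  # port 1025
]

if __name__ == "__main__":
    for line, peer in SAMPLES:
        print(line, "->", check_data_endpoint(line, peer))
```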


