Re: question about ipchains on dual interface machine

To: <fireball82@gmx.net>
Cc: <debian-firewall@lists.debian.org>
Subject: Re: question about ipchains on dual interface machine
From: Mike Dresser <mdresser@windsormachine.com>
Date: Wed, 10 Oct 2001 18:57:20 -0400 (EDT)
Message-id: <Pine.LNX.4.33.0110101855440.18326-100000@router.windsormachine.com>
In-reply-to: <20011011003106.A14276@inferno.ruley.org>

> On Wed, Oct 10, 2001 at 11:37:36AM -0400, Mike Dresser wrote:
> [...]
> > I want to deny ports 23, 37,137,139, etc, from the Internet, but allow
> > them from Y.
> [...]
>
> What about configuring services to listen only on one _specific_
> interface/ip? (In your case Y) So you perhaps don't have to take care about
> an confusing firewall setup... hiding services is not the way[tm] to make or
> keep a network secure.
Problem is the interface can vary, cause pppd isn't guaranteed to pickup
the same ppp0/ppp1/etc.

I agree fully, problem is I don't think things like telnet, netbios, etc
etc are going to all let me pick an interface/ip.

Reply to:

Follow-Ups:
- Re: question about ipchains on dual interface machine
  - From: fireball82@gmx.net

References:
- Re: question about ipchains on dual interface machine
  - From: fireball82@gmx.net

Prev by Date: Re: question about ipchains on dual interface machine
Next by Date: Re: question about ipchains on dual interface machine
Previous by thread: Re: question about ipchains on dual interface machine
Next by thread: Re: question about ipchains on dual interface machine
Index(es):
- Date
- Thread