Re: Searching for an appropriate iptables script

To: debian-firewall@lists.debian.org
Subject: Re: Searching for an appropriate iptables script
From: Carel Fellinger <cfelling@iae.nl>
Date: Sat, 9 Feb 2002 13:46:54 +0100
Message-id: <[🔎] 20020209134653.A696@animus.fel.iae.nl>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <[🔎] 006f01c1b11c$2f676370$0200a8c0@JEFF>; from jeff@integralogic.com on Fri, Feb 08, 2002 at 10:45:15PM -0500
References: <[🔎] 20020208185040.GH28205@fishbowl.madduck.net> <[🔎] 006f01c1b11c$2f676370$0200a8c0@JEFF>

On Fri, Feb 08, 2002 at 10:45:15PM -0500, Jeff Bonner wrote:
...
> Last but not least, it's difficult to gauge my success (or failure)
> because I can't use a machine *outside* the firewall to run nmap against
> this setup.  Yes, I do have another system with Linux, but it's not
> located right next to this one, where I could immediately make changes
> and observe results.  Perhaps in the near future I can run a dial-up for
> that purpose, though.

A simple minded solution could be:

1) unplug the firewall from the internet
2) swap the internal and external ip addresses in your firewall rules
   [ you do use env-vars in your firewall to point to the different
     interfaces, don't you :]
3) test from a local machine that is now seen by the firewall is
   belonging to the hostile internet


-- 
groetjes, carel

Reply to:

References:
- Re: Searching for an appropriate iptables script
  - From: martin f krafft <madduck@madduck.net>
- RE: Searching for an appropriate iptables script
  - From: "Jeff Bonner" <jeff@integralogic.com>

Prev by Date: iptables: SNAT vs MASQUERADE
Next by Date: snat,dnat and netbios
Previous by thread: RE: Searching for an appropriate iptables script
Next by thread: Re: Searching for an appropriate iptables script
Index(es):
- Date
- Thread