
Re: router policy question



On Friday 16 April 2010 21:00:56 Glenn English wrote:
> On my nets, I need to be able to telnet/ssh into the border router, from
>  the inside, to futz with it.
> 
> But is there any reason at all to allow anything, aside from some ICMP, to
>  go beyond the ACL on its Internet facing interface -- to get to the router
>  itself, that is?

You mean packets coming in from the Internet with a destination IP that is 
assigned to the router itself?  Are you running any sort of routing protocol 
or similar that communicates with your ISP's routers, including things like 
MPLS, or any VPNs/tunnels that terminate at the border router? What about NAT 
or port forwarding on the border router?

-- 
"Clothes make the man. Naked people have little or no influence on society." - 
Mark Twain, American Writer (1835-1910)

