RE: Basic NAT / Firewall Question

["Fred McFeeters" <fredmcfeeters () kc rr com>]

I don't know to much about this my self, but this is what I do know.

1. A firewall blocks all traffic you tell it and allows all traffic you
don't tell it to block. So how I setup my firewall (iptables)
22 & 80 are allowed in and then forward to the respective server, every
thing else is dropped.

2. The NAT portion of the firewall sends all packets from the external
interface to the internal, and unless you tell it otherwise it won't send
certain packets to certain machines.

3. My best advice is that you should Block all at the firewall and only
allow in what is needed, and also close all unneeded services on your hosts;
and finally if you can setup a host firewall on each internal server to
catch any thing that slips by the firewall.


-----Original Message-----
From: thatch [mailto:leethatcher () gmail com] 
Sent: Friday, August 18, 2006 12:29 PM
To: security-basics () securityfocus com
Subject: Basic NAT / Firewall Question


forgive me if this question seems pretty basic but could anyone tell explain
this to me.

i'm performing a practice assesment and i have located an IP of a web based
mail server (OWA).  this server is sitting behind a hardware firewall (say
PIX or Checkpoint)that is NATing the IP Address to an internal non-routable
address.  Now, if i use a tool such as Nmap to scan that external IP are my
scan results influenced by the Firewall.  Do firewalls when NATing take all
traffic from the external IP and pass it to the internal nertwork and expect
the server to have the remaing services closed down or do they only take
traffic destined for a port and drop everything else.  if it's the later,
when i scan am i only scaning the 1 port that is allowing traffic to be
forward to it?

Is there a way of determining if the firewall is blocking the traffic to the
other ports or if the Server has been locked down and is blocking them?

Any help would be appreciated.

Regards

Thatch


-- 
View this message in context:
http://www.nabble.com/Basic-NAT---Firewall-Question-tf2128555.html#a5874111
Sent from the Security Basics forum at Nabble.com.


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------