Metasploit mailing list archives
Re: Lab and BT Behind Separate Firewalls
From: Matthew Weeks <scriptjunkie1 () googlemail com>
Date: Sat, 1 Oct 2011 09:38:45 -0500
In other words, you want incoming connections automatically forwarded to you... but you don't want incoming connections automatically forwarded to you? This is why you usually don't want to run a pentest from behind a firewall and definitely do not want to share an IP with another machine behind NAT when you both are trying to get reverse connections. Why not just turn off NAT and the firewall and give each machine a routable IP? There should be no trouble doing that in a proper lab environment.

scriptjunkie
http://www.scriptjunkie.us/

On Sat, Oct 1, 2011 at 8:58 AM, Noso <metasploit () nosolutions com> wrote:
Hi all,

I'm curious as to if there is an easier way to do this than what I've been doing. I'm running BT behind NAT on Firewall A w/ DHCP. The lab is behind a separate firewall, Firewall B, also running NAT, with ports forwarded to the machine from the firewall. Anytime I wish to run an exploit, I have to confirm that Firewall A has the correct ports pointing back to the BT machine I am using so I can use a meterpreter reverse connection. This can be quite annoying when there are numerous BT machines running and we constantly have to change the port forwarding, or when two pentests are occurring at once from different machines. Is there a better way to set this up that doesn't involve putting the BT machines in a DMZ?

Thanks,
Noso.

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Lab and BT Behind Separate Firewalls Noso (Oct 01)
- Re: Lab and BT Behind Separate Firewalls Matthew Weeks (Oct 01)