Security Basics mailing list archives
Re: Re: Basic NAT / Firewall Question
From: anon () in-neb org
Date: 21 Aug 2006 17:52:45 -0000
I agree with this assessment. For example, if your public address was 2.2.2.2 (outside FW) and you had the following mappings:

port 80 --> 192.168.2.2
port 22 --> 192.168.3.2
port 25 --> 192.168.3.3
port 443 --> 192.168.3.2

Your firewall, in some form or fashion, will respond to all of those ports but only forward the mapped port to the designated IP address. At least this is how any decent firewall will act.

Also, any firewall you get for work should BLOCK everything and only forward what you tell it to, which contradicts what someone else wrote earlier. You definitely want it configured with something similar to a DENY *ALL *ALL as opposed to an allow statement there. Think of all the work you'd have to do there.......

Hope that helps.
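The port mappings and default-deny policy described in the message above, written as an nftables ruleset. This is an added example, not part of the original post; the choice of nftables and the outside interface name `wan0` are assumptions, while the addresses and ports are the ones quoted in the message.

```nftables
# Added example (not from the original post).
# Assumption: "wan0" is the outside interface that holds 2.2.2.2.
table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Only the four mapped ports are rewritten to an inside host.
        # Any other port keeps 2.2.2.2 as its destination and falls
        # through to the input chain below, where it is dropped.
        iifname "wan0" ip daddr 2.2.2.2 dnat to tcp dport map {
            80  : 192.168.2.2,
            22  : 192.168.3.2,
            25  : 192.168.3.3,
            443 : 192.168.3.2
        }
    }
}

table ip filter {
    chain forward {
        # Default deny: nothing crosses the firewall unless a rule allows it.
        type filter hook forward priority filter; policy drop;
        # Replies belonging to connections that were already permitted.
        ct state established,related accept
        # New inbound connections are allowed only if the prerouting
        # chain rewrote them, i.e. they matched one of the mappings.
        iifname "wan0" ct status dnat accept
        # Rules for traffic initiated from the inside are omitted here.
    }
    chain input {
        # Traffic addressed to the firewall itself is also denied by default.
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
    }
}
```

Matching on `ct status dnat` in the forward chain ties the filter to the mapping table, so adding or removing a forwarded port means editing the map only.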