Security Basics mailing list archives

Re: Re: Basic NAT / Firewall Question


From: anon () in-neb org
Date: 21 Aug 2006 17:52:45 -0000

I agree with this assessment. For example, if your public address was 2.2.2.2 (outside FW) and you had the following mappings:

port 80  --> 192.168.2.2
port 22  --> 192.168.3.2
port 25  --> 192.168.3.3
port 443 --> 192.168.3.2

Your firewall, in some form or fashion, will respond to all of those ports but only forward the mapped port to the designated IP address. At least this is how any decent firewall will act.

Also, any firewall you get for work should BLOCK everything and only forward what you tell it to, which contradicts what someone else wrote earlier. You definitely want it configured with something similar to a DENY *ALL *ALL as opposed to an allow statement there. Think of all the work you'd have to do there.......

Hope that helps.
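
The port mappings from the message above combined with a default-deny policy, as an added example that is not part of the original post. It assumes a Linux firewall driven by iptables, which the post does not name; `gen_rules`, `PUBLIC_IP` and `MAPPINGS` are hypothetical names, and the addresses are the post's illustrative values.

```sh
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the post's port mappings.
# iptables is an assumption; the post describes a generic NAT firewall.
PUBLIC_IP="2.2.2.2"
MAPPINGS="80:192.168.2.2
22:192.168.3.2
25:192.168.3.3
443:192.168.3.2"

# gen_rules PUBLIC_IP MAPPINGS -> ruleset on stdout.
# Returns 1 on an invalid port or when a public port is mapped twice.
gen_rules() {
    pub=$1 maps=$2 seen=" " nat="" fwd=""
    for m in $maps; do
        port=${m%%:*} host=${m#*:}
        case $port in ''|*[!0-9]*) echo "bad port: $m" >&2; return 1;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $m" >&2; return 1; }
        # One public port can be forwarded to only one internal host.
        case $seen in *" $port "*) echo "duplicate port: $port" >&2; return 1;; esac
        seen="$seen$port "
        # DNAT rewrites the destination; the FORWARD rule permits only that flow.
        nat="${nat}-A PREROUTING -d $pub -p tcp --dport $port -j DNAT --to-destination $host:$port
"
        fwd="${fwd}-A FORWARD -d $host -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
"
    done
    printf '%s\n' "*nat" ":PREROUTING ACCEPT [0:0]"
    printf '%s' "$nat"
    printf '%s\n' "COMMIT" "*filter"
    # Policy DROP is the "DENY ALL ALL": anything not explicitly matched is dropped.
    printf '%s\n' ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" ":OUTPUT ACCEPT [0:0]"
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    printf '%s\n' "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s' "$fwd"
    printf '%s\n' "COMMIT"
}

# Print the ruleset for the post's mappings.
gen_rules "$PUBLIC_IP" "$MAPPINGS"
```

The output is in the format read by `iptables-restore`. Because the chain policies are DROP, a port that is not in `MAPPINGS` needs no rule of its own to be blocked.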
