Re: [fw-wiz] Iptables /Router

From: Christopher Hicks (chicks_at_chicks.net)
Date: 12/12/04

    To: Firewall Wizards Mailing List <firewall-wizards@honor.icsalabs.com>, Marek Pawinski <pawinski@webstorm.co.za>
    Date: Sun, 12 Dec 2004 14:50:58 -0500 (EST)
    
    

    On Sun, 12 Dec 2004, Marek Pawinski wrote:

    > I previously had a network with one Mandrake box A as an internet gateway
    > (ISDN) using internet connection sharing to some desktops B.

    Cool.

    > I now have an ADSL modem/router connected to the Mandrake box A and the
    > router does the NAT and packet filtering.

    Does it have to? Unless you're worried about someone attacking the
    Mandrake box then you'll probably find your life easier with only one NAT
    box in the chain.

    > I now notice that the internet connection seems to bypass box A and does
    > not go through shorewall at all.

    I think this is confusion.

    > grc.com shows that my IP is that of the router being scanned.

    Sure. That's the real routable IP. Unless you've run an Ethernet cable
    from your LAN directly into the router, each stage will do NAT separately.

    > So my question is how can I set this up so shorewall on box A as well as
    > the router protect the network?

    As long as your LAN is plugged into the shorewall and the router is
    plugged into the shorewall and the LAN and router aren't plugged into each
    other directly you're in good shape.

    -- 
    </chris>
    "Fans of Mozilla's free, open-source Firefox browser make the
    ardent Apple faithful look like a bunch of slackers."
    - Rebecca Lieb at clickz.com
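
One way to confirm from a desktop that traffic follows the desktop -> box A -> router chain described in the reply above, as an added example that is not part of the original message: it classifies saved `ip route` and `traceroute -n` output. The addresses and sample output are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed addresses (assumptions, not from the thread).
FW_LAN_IP=192.168.1.1   # box A (shorewall), LAN side
ROUTER_IP=10.0.0.2      # ADSL modem/router

# Print the default gateway from `ip route` output on stdin.
default_gw() { awk '$1 == "default" && $2 == "via" { print $3; exit }'; }

# Print the address of hop N from `traceroute -n` output on stdin.
hop_ip() { awk -v n="$1" '$1 == n { print $2; exit }'; }

# classify_path ROUTE_TEXT TRACE_TEXT -> ok | bypass | unknown
classify_path() {
    gw=$(printf '%s\n' "$1" | default_gw)
    hop1=$(printf '%s\n' "$2" | hop_ip 1)
    hop2=$(printf '%s\n' "$2" | hop_ip 2)
    if [ "$gw" = "$ROUTER_IP" ] || [ "$hop1" = "$ROUTER_IP" ]; then
        echo bypass     # desktop reaches the router without crossing box A
    elif [ "$gw" = "$FW_LAN_IP" ] && [ "$hop1" = "$FW_LAN_IP" ] \
         && [ "$hop2" = "$ROUTER_IP" ]; then
        echo ok         # desktop -> box A -> router
    else
        echo unknown    # missing or unexpected hops; inspect by hand
    fi
}

# Constructed sample output from a desktop behind box A.
GOOD_ROUTE='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20'
GOOD_TRACE='traceroute to 198.51.100.7 (198.51.100.7), 30 hops max
 1  192.168.1.1  0.41 ms  0.38 ms  0.36 ms
 2  10.0.0.2  1.12 ms  1.05 ms  1.01 ms
 3  198.51.100.7  18.2 ms  17.9 ms  18.0 ms'

# Constructed sample output from a desktop cabled straight into the router.
BAD_ROUTE='default via 10.0.0.2 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.20'
BAD_TRACE='traceroute to 198.51.100.7 (198.51.100.7), 30 hops max
 1  10.0.0.2  0.95 ms  0.90 ms  0.88 ms
 2  198.51.100.7  18.0 ms  17.8 ms  17.9 ms'

echo "behind box A:      $(classify_path "$GOOD_ROUTE" "$GOOD_TRACE")"
echo "plugged in direct: $(classify_path "$BAD_ROUTE" "$BAD_TRACE")"
```
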
    
