ADSL Router/Firewall
From: TD - Sales Int'l Holland B.V. (td@salesint.com)Date: 12/05/01
- Previous message: Rafael Vidal Aroca: "Re: Encrypted POP3 Access?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "TD - Sales Int'l Holland B.V." <td@salesint.com> To: security-basics@securityfocus.com Date: Wed, 5 Dec 2001 11:46:12 +0100
Hey there,
got a few questions concerning my ADSL connection.
First of all the connection is setup through PPTP. The ADSL router has an IP
of 10.0.0.38. My linux server has 2 Ethernetcards 192.168.0.1 and 10.0.0.150.
The linuxserver establishes a PPTP connection with the ADSL router. The linux
server now gets an extra interface PPP0 with my static IP address. Let's say
it's 11.22.33.44 for the ease. All packets send to 11.22.33.44 are thus
(bridged??) to my linux server. Is it possible to attack the router directly
from the internet? (since the router is not the one with the actual IP
address. That's the linux server. The router should just forward the packets
but it should not process them right?). Far as I know the router can only be
attacked if you have an echo server echo'ing everything back to the adsl
router. Or if you crack/hack the linux server and attack it from there. Is
that true?
Now for the iptables/firewall guru's. I really want to tighten my firewall.
However I need to know something for that. Now if I would only allow traffic
from 10.0.0.150 and 10.0.0.138 on the PPTP ports and block EVERYTHING else!
on 10.x.x.x will I still get packets from the internet? I guess this depends
solely on how PPTP is implemented. since if it's just a forward between them
(not using the tunnel) I won't receive anything anymore (probably just
guessing here). If it's going through the tunnel then I guess I'm save
blocking everything else since it comes out of the tunnel and pass through
fine. However how will iptables see this? Will it see it as packets coming on
eth0 (the 10.0.0.150) OR will it see it only as packets coming in from PPP0
as where the PPTP is hiding/obscuring the traffic between eth0 and the router
making it look like the packets came in straight from the PPP0 interface. I'm
really confused about that concerning these protocols. I mean if the
connection becomes transparent to the firewall I can allow traffic to/from
10.0.0.138/10.0.0.150 on the PPTP ports when the connection is being
established. Then when my username/password is verified and if the PPTP then
hides the traffic as coming from eth0 (10.x.x.x) and shows it as coming in
from PPP0 I could just block everything coming in from eth0 and allow stuff
from PPP0.
I'm not too lazy to read anything :-) so if you have any online docs on this
or something feel totally free to send me just links. They'll be greatly
appreciated.
Kind regards,
Ferry van Steen
- Previous message: Rafael Vidal Aroca: "Re: Encrypted POP3 Access?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
