Re: How did they get behind my NAT?

In article <1192129020.255191.189450@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
maniaque27@xxxxxxxxx says...

The double NAT setup makes sense, I did not understand that you meant
using the first NAT as DMZ.

A DMZ is a secured network that you use for Public hosts that they don't
want to expose their LAN to when they are compromised.

So, look at how this works:

WAN/PUBLIC >> NAT 1 DEVICE >> LAN1 (DMZ) >> NAT 2 DEVICE >> LAN2 (LAN)

So, you put your web server in the DMZ network - that would be the LAN
side of NAT 1 device. In NAT 1 you forward from the public IP to the DMZ
network machines as needed.

In NAT 2 device you don't forward ANYTHING, nothing, nada, zip. This
means that the computers in your LAN network are not exposing anything
to the public for them to vector in on.

So, DMZ is web/ftp/etc servers, (LAN2) is the protected network were
your computers reside.

Make sure that you change the default subnets for each LAN/DMZ.

LAN1 = 192.168.8.1/24
LAN2 = 192.168.9.1/24


--
Leythos - spam999free@xxxxxxxxxx (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
create filth and put it on the web for any kid to see: Just take a look
at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
.

Quantcast