Re: Smoothwall Question..

From: Ralf Quint (Ralf_Quint@hottmail.com)
Date: 03/10/03

• Next message: storm: "Re: Blocking Windows Explorer in firewall"
• Previous message: Ralf Quint: "Re: PCanywhere 10, connections"
• In reply to: Digital_GHost: "Smoothwall Question.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Ralf Quint <Ralf_Quint@hottmail.com>
Date: Mon, 10 Mar 2003 13:13:35 -0800

On Mon, 10 Mar 2003 14:16:19 GMT, "Digital_GHost"
<digital_ghost@Informationsuperhighway.com> wrote:

>Hi,
> Does anyone know whether this is possible using smoothwall?
>
>I have an internal network (192.168.0.0/24) connecting through a smoothwall
>box to the internet. The internal network is assigned a green card and the
>external a red card. Now the external network IP is (for instance)
>62.253.198.6.
>
>There is a rule set up to except all on the external NIC and port forward
>to Port 80 to an IP address on the internal network.
>
>62.253.198.6:80 >> 192.168.0.100:80
>
>And this connects perfectly from the internet.
>
>However should someone from an internal IP try to connect to the website
>
>http:\\62.253.198.6
>
>It fails......
>
>Using my small amount of TCP/IP knowledge I can't understand why this
>request is not being port forwarded by the firewall?? Surely it would know
>its external IP address or even chuck the packet out onto the internet to
>have it sent straight back at it??
>
>I can ping the external IP but not send packets at it and have them
>forwarded?
>
>Am I asking a little too much from my firewall??
>
>Any help would be greatly received..!
>

Smoothwall will not forward a request to access from with the local
net, using the external IP, to prevent IP spoofing.

It's mentioned in the docs and the online help btw...

Ralf

---

• Next message: storm: "Re: Blocking Windows Explorer in firewall"
• Previous message: Ralf Quint: "Re: PCanywhere 10, connections"
• In reply to: Digital_GHost: "Smoothwall Question.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Intermittent Firewall 15108 Events on SBS2003/ISA2004 ... This newsgroup only focuses on SBS technical issues. ... of |> the internal network object). ... If the ISA server receives a package with an |> internal IP as source address from the external port, the package would be |> treated as a spoof attack. ... |> 825763 How to configure Internet access in Windows Small Business ... (microsoft.public.windows.server.sbs) Re: How to get through iptables/NAT, reality and risk calculation ... there have been no security issues with the ... # the external interface, and/or the internal one on all ports but 22 tcp ... # so the firewall itself can't talk to anything but the internal network over ... >> accepting traffic from the internet part of an existing connection (with ... (Security-Basics) 192.168.x.x oddities ... and unrouteable on the Internet. ... from within the internal network. ... Ethical Hacking at the InfoSec Institute. ... Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. ... (Security-Basics) Re: Hyper-V, RAAS woes. . . Please help ... From the host I am able to ping www.news.com. ... Can you ping the host's static public IP from the guest? ... > My Hyper-V Guests cannot traverse through NAT to gain internet access. ... Pointed internet network to the internal network ... (microsoft.public.windows.server.general) Re: new to ISA, but not firewalls ... the internal network in a direct way, and this is of the things that ISA2004 ... internet and the internal network, however i don't a know why any one would ... Remember if ISA LAT is empty, ... >> include the internal interface IP. ... (microsoft.public.isa)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)