[2043] in linux-security and linux-alert archive


[linux-security] IP Filters and Masq: precisions

daemon@ATHENA.MIT.EDU (Mailing Lists)
Wed Aug 12 04:00:25 1998

Date: Fri, 07 Aug 1998 11:17:31 -0400
To: Craig McDaniel <cpm01@gnofn.org>
From: Mailing Lists <mlist@almerco.ca>
Cc: linux-security@redhat.com
In-Reply-To: <Pine.LNX.4.02.9806181209280.439-100000@satriani.paranoid.net>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

Hi!

>IP Masquerading, but the computers under the firewall *think* they are on
>a normal ip network.  In other words, you don't need to tell the programs
>that they are behind a firewall, they will function normally as they would
>on any network.  The only downfall is you cannot make incoming connections
>to any of those machines..but isn't that the whole idea of a firewall? :)
>Overall, it works great for me...

Ok, perhaps I misphrased a little (I'm French and sometimes.., well ok,
most of the time struggling with my English!) ;)  I'll CC this one to
linux-security to clarify what I meant.

I know about how masq works, I already have built one network using it.  I
have 15 computers inside my ip+masq firewall, with the fake ip c class
192.168.x.x, and 5 computers in a normal class C on the outside.  It works
great!  My only concern really is that I want to know if there is any way
for a hacker to directly connect to one of my protected computers from the
outside.  Can a Java or ActiveX applet do the trick?  Or if a computer
from the inside initiates a connection to some.evil.org, can this host
piggyback on the link and access the computer from which the connection was
initially made?  That's the kind of questions I'm asking myself and haven't
seen any answers about them.  Some friend of mine says he heard of a way to
circumvent a masq firewall and access a computer inside, but that's as far
as he remembers.

Thanks!

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null

