 From:  "Rhon-Kaniel Bramwell" <rhonkaniel at anngel dot com>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  "Rhon-Kaniel Bramwell" <rhonkaniel at anngel dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: Ports Open?
 Date:  Mon, 1 Nov 2004 20:31:05 -0500 (EST)
> (back to the appropriate list)
>
>
> On Mon, 1 Nov 2004 10:53:28 -0500 (EST), Rhon-Kaniel Bramwell
> <rhonkaniel at anngel dot com> wrote:
>> Ok, say that I have a LAN, a WAN (with a few statically routed IPs
>> assigned by my ISP to me), and a DMZ.
>>
>> I have the LAN NATted out to the WAN using IP 1.1.1.1 (just an example)
>> and the DMZ NATted out via 1.1.1.2.
>> However, the real IP is 1.1.1.3 on the WAN interface.
>>
>> I just have proxy ARP set up for 1.1.1.1 and 1.1.1.2.
>>
>> When I go and check a portscan from the DMZ or LAN, scanning IPs 1.1.1.2
>> and 1.1.1.3, all my ports are basically open.. :-o
>>
>
>
> No way all your ports are open unless you opened them all yourself.
> What kind of NAT are you using, and what firewall rules did you put in?
>
> -Chris
>

For the WAN I have one rule:

Block *  *  *  *  *  Wan -> Any

Other than this rule I have no other rules on my WAN interface. Plus, isn't
the default action to block on all interfaces, other than what you explicitly
allow, even if there isn't a rule specified?

I should mention that if I use the interface IP to NAT, then the same
site shows everything as being blocked.

I'm using advanced outbound NAT with the rules specified:

iface  source        dest.  target   description

WAN    <x.x.x.0/24>  *      1.1.1.2  Network Out

Interesting..

Rhon
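As an added illustration (not part of this thread or of m0n0wall itself), a small model of how per-interface, first-match rule evaluation with default deny decides a probe: the single WAN "Block" rule quoted above only sees packets that enter on WAN, so a scan launched from LAN or DMZ against 1.1.1.2 is judged by that interface's own rule set, not by the WAN rule. Assumed here: m0n0wall's stock "LAN to any" pass rule, a LAN subnet of 192.168.1.0/24 standing in for the poster's x.x.x.0/24, and constructed probe addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One row of a m0n0wall-style rule table; '*' means any."""
    iface: str
    action: str   # "pass" or "block"
    proto: str
    src: str      # CIDR, single address or '*'
    sport: str
    dst: str
    dport: str


def _addr_match(pattern: str, addr: str) -> bool:
    return pattern == "*" or ip_address(addr) in ip_network(pattern, strict=False)


def _field_match(pattern: str, value: str) -> bool:
    return pattern == "*" or pattern.lower() == value.lower()


def evaluate(rules, iface, proto, src, sport, dst, dport) -> str:
    """First matching rule on the ingress interface wins; anything unmatched is
    blocked (assumed m0n0wall default-deny semantics)."""
    for r in rules:
        if r.iface != iface:
            continue  # a rule only sees packets entering on its own interface
        if (_field_match(r.proto, proto) and _addr_match(r.src, src)
                and _field_match(r.sport, sport) and _addr_match(r.dst, dst)
                and _field_match(r.dport, dport)):
            return r.action
    return "block"


RULES = [
    Rule("WAN", "block", "*", "*", "*", "*", "*"),              # the poster's only WAN rule
    Rule("LAN", "pass", "*", "192.168.1.0/24", "*", "*", "*"),  # assumed stock "LAN to any" rule
]


def probe_from(iface: str, src: str) -> str:
    # constructed probe: a TCP SYN to the outbound-NAT address 1.1.1.2, port 80,
    # entering on the given interface
    return evaluate(RULES, iface, "tcp", src, "*", "1.1.1.2", "80")
```

The same probe returns "block" when it enters on WAN, "pass" when it originates on LAN, and "block" on a DMZ with no rules at all, so a scan from inside says nothing about what the WAN rule set exposes.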