road runner and external connections

Marvin Bellamy Marvin.Bellamy at innovision.com
Mon Apr 29 12:26:13 CDT 2002


I was up 'til 5am Sat morning trying to figure this out.  BTW, this is 
an OpenBSD box I use for a firewall.  First problem was the redirection 
statements must come before the mapping statements, unlike any of the 
examples the documentation gives!  Secondly, I couldn't really test this 
myself since the mapping is on the external NIC.  To make things just a 
little more difficult, the mapping for the internal NIC wouldn't work 
because of what I assume is DNS weirdness.  If you're using redirection 
on a router in front of Apache, are there any settings that you need to 
use to listen to connections routed from the outside world?  I was under 
the assumption that ipnat made foreign packets look like they were 
coming from your lan to other lan machines.

OT, I noticed a sad number of hits to my server from script kiddies. 
They look like Windoze exploits.  One in particular asked for cmd.exe. 
I've thought about creating an executable that would do a format c: 
or format /mbr or something else as mean and nasty.  Anyone know enough 
about this exploit?

Jonathan Hutchins wrote:

>>-----Original Message-----
>>From: Marvin Bellamy [mailto:Marvin.Bellamy at innovision.com]
>>
>
>>Has anyone had any difficulty setting their firewalls with 
>>redirection to intranet boxes to allow connections from the outside world?
>>
>
>>I'm trying to get ipf and ipnat configured, but nothing seems to 
>>be working. 
>>
>
>I'm not sure, I tried forwarding the port for Morpheus, a Gnutella client
>for Windows, and still had lots of "unable to connect" messages, but that's
>gnutella anyway.  (That's what the bogus connections in my IP table are
>from.)
>
>What kernel and what method (tables, chains, etc.) are you using?  Have you
>tried the IP MASQUERADE HOWTO?
>



