+---------- On Aug 19, Andrew Piskorski said:
| Or could a client outside the router somehow spoof the peer address to
| make it look like the request is coming from a machine on my LAN?

A client outside might be able to spoof the peer address, if your router
doesn't drop the packets. Perhaps it does by default or you can
configure it to.

You have to make it drop any packet arriving on the WAN port with a
source address that belongs on the LAN port. For example, I use the 10.*
network number on my LAN, and I'm assigned 216.30.134.152/29, so my
router is configured to drop any packet arriving from my T1 that has a
10.* or 216.30.134.152/29 source address.

In fact there are four address-filtering rules your router should use:

- Drop a packet from the WAN with a LAN source address
- Drop a packet from the WAN without a LAN destination address
- Drop a packet from the LAN without a LAN source address
- Drop a packet from the LAN with a LAN destination address


--
AOLserver - http://www.aolserver.com/
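
The four rules above, modelled as a small packet classifier. This is an added example, not part of the original message and not router configuration. It assumes "10.*" means 10.0.0.0/8 and treats both that network and 216.30.134.152/29 as LAN-side prefixes; `filter_packet` and the sample packets are constructed for illustration.

```python
import ipaddress

# Inside prefixes taken from the message: the 10.* LAN and the assigned /29.
# Reading "10.*" as 10.0.0.0/8 is an assumption.
INSIDE = [ipaddress.ip_network("10.0.0.0/8"),
          ipaddress.ip_network("216.30.134.152/29")]


def is_inside(addr):
    """True if addr falls in any prefix that belongs behind the router."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INSIDE)


def filter_packet(iface, src, dst):
    """Apply the four rules; return (verdict, reason). iface is 'wan' or 'lan'."""
    if iface not in ("wan", "lan"):
        raise ValueError("unknown interface: %r" % iface)
    src_in, dst_in = is_inside(src), is_inside(dst)
    if iface == "wan":
        if src_in:
            return "drop", "WAN packet with LAN source address"
        if not dst_in:
            return "drop", "WAN packet without LAN destination address"
    else:
        if not src_in:
            return "drop", "LAN packet without LAN source address"
        if dst_in:
            return "drop", "LAN packet with LAN destination address"
    return "accept", "passes all four rules"


# Constructed sample packets: (arrival interface, source, destination).
SAMPLES = [
    ("wan", "10.0.0.5", "216.30.134.154"),      # claims a 10.* source from outside
    ("wan", "216.30.134.153", "10.0.0.5"),      # claims a /29 source from outside
    ("wan", "198.51.100.7", "216.30.134.154"),  # ordinary inbound request
    ("wan", "198.51.100.7", "203.0.113.9"),     # not addressed to this site
    ("lan", "10.0.0.5", "198.51.100.7"),        # ordinary outbound request
    ("lan", "192.0.2.44", "198.51.100.7"),      # source does not belong on the LAN
    ("lan", "10.0.0.5", "10.0.0.9"),            # local traffic, nothing to forward
]

if __name__ == "__main__":
    for iface, src, dst in SAMPLES:
        verdict, reason = filter_packet(iface, src, dst)
        print("%-3s %-15s -> %-15s %-6s %s" % (iface, src, dst, verdict, reason))
```

With the first rule in place, a server behind the router that checks the peer address only ever sees a LAN source on packets that really arrived on the LAN port.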
