> Date: Mon, 6 Sep 1999 09:26:56 -0400 (EDT)
> From: "Paul D. Robertson" <[EMAIL PROTECTED]>
> Subject: Re: FW: Default configuration in WatchGuard Firewall
>
> On Mon, 6 Sep 1999, Ben Nagy wrote:
>
> > > If the Watchguard is performing NAT on a dynamic basis (only possible way if
> > it's just one external IP, right?) then why the hell is it routing packets
>
> No, it's most probably performing IP Masquerading, which (as far as I
> recall) simply rewrites the headers for outbound and inbound packets for ICMP.
> Watchguard is Linux isn't it?
>
> > for random internal addresses? In other words, if my host (say 192.168.1.4)
> > hasn't sent any traffic to the outside world, I DON'T expect a packet to
> > arrive at the firewall, ask for my machine, and have a red carpet rolled
> > out.
>
> It shouldn't be.
>
> > Someone reassure me that this box is either misconfigured or that the poster
> > is Just Making It Up?
>
> I doubt they're making it up, but I would say the box is misconfigured,
> by the vendor or the user isn't clear. It would appear that IP routing
> is on, and there are no effective rules for blocking spoofing to the
> outside NIC and/or that ICMP masquerading isn't written as well as it should
> be. If (and I have no idea) Watchguard requires IP routing, then more
> filtering needs to be going on than is. In either case, filters on the
> external interface would take care of the issue.
>
> > > # route add -net 192.168.0.0 netmask 255.255.255.0 gw 100.100.100.100
>
> From the DMZ *only* this would work, in normal cases, getting packets with a
> destination address of 192.168.x.x or any other RFC1918 address to
> the external NIC would be more challenging (assuming no IP source routing.)
>
> Places using legal addresses internally would be the only ones vulnerable
> to this from the Internet.
Actually someone is trying to break through our network using
10.10.10.10
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
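As an added example, not code from the thread or from WatchGuard: a small Python model of the behaviour Paul describes, an IP-masquerading firewall that only delivers inbound traffic to an internal host when that host already sent traffic outward, plus the external-interface filter that drops anything with an RFC 1918 source or destination. The firewall's external IP 203.0.113.1 and the remote host 198.51.100.7 are constructed; 100.100.100.100, 10.10.10.10 and 192.168.1.4 are the addresses from the thread.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 private ranges; nothing with these addresses belongs on the
# external NIC in either direction (assuming no IP source routing).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str
    dst: str


class MasqFirewall:
    """One external IP; internal hosts are hidden behind it."""

    def __init__(self, external_ip: str, ext_iface: str = "eth0"):
        self.external_ip = external_ip
        self.ext_iface = ext_iface
        self.state = {}   # remote host -> internal host that talked to it

    def outbound(self, pkt: Packet) -> Packet:
        """Internal host sends out: remember the pair, rewrite the source."""
        self.state[pkt.dst] = pkt.src
        return Packet(self.ext_iface, self.external_ip, pkt.dst)

    def inbound(self, pkt: Packet):
        """Verdict for a packet arriving on the external interface:
        ('DROP', None) or ('ACCEPT', internal host it is delivered to)."""
        if pkt.iface != self.ext_iface:
            return ("ACCEPT", pkt.dst)      # not this filter's job
        if is_private(pkt.src) or is_private(pkt.dst):
            return ("DROP", None)           # spoofed source or routed straight inside
        if pkt.dst != self.external_ip:
            return ("DROP", None)           # not addressed to us at all
        internal = self.state.get(pkt.src)  # only reply traffic gets through
        return ("ACCEPT", internal) if internal else ("DROP", None)


def run_scenario():
    fw = MasqFirewall("203.0.113.1")       # constructed external address
    # Ben's case: 192.168.1.4 sent nothing, yet a packet aims straight at it
    direct = fw.inbound(Packet("eth0", "100.100.100.100", "192.168.1.4"))
    # private source address showing up on the outside NIC
    spoof = fw.inbound(Packet("eth0", "10.10.10.10", "203.0.113.1"))
    # legitimate: 192.168.1.4 goes out first, the reply comes back to the firewall
    fw.outbound(Packet("eth1", "192.168.1.4", "198.51.100.7"))
    reply = fw.inbound(Packet("eth0", "198.51.100.7", "203.0.113.1"))
    return direct, spoof, reply
```

Run it and the first two packets are dropped while the reply is delivered to 192.168.1.4; the box in the thread would have forwarded the first one.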