hello all,
This is non-linux related, but I thought I'd ask since there are geeks, nerds,
or both on this list who might be able to help.
I've got a little 4-port SMC Barricade hardware router. it does DSL, dialup,
NAT, port forwarding. i've got it set up to point to a virtual DMZ box
(192.168.1.3). i need to do this because i need to run network games and
the router can't be set up neatly to forward just those ports (it's a
stupidity in the setup, i can't allow a range of ports to be forwarded,
i have to individually specify the ports, and i'd need to specify 101
ports).
there doesn't seem to be a way (the management is web based, i just
surf to 192.168.1.1) either to configure it to block certain ports coming in
from the net (e.g., i want to block TCP and UDP 135,136,137, etc, the
standard windows ports).
to work around this, i've done the following:
1. allow all incoming connection requests.
2. but to block the ports i want to block, set port forwarding so
that requests to those ports are sent to a non-existent internal
IP (192.168.1.99).
an nmap on TCP ports (from an outside server) shows that the ports are
now filtered. but an nmap on UDP ports shows that the ports are still
open. i think though that this is OK since the UDP packets go through
but no reply is sent back since there's no machine at 192.168.1.99.
am i right about that last conclusion? or should i panic and buy a
real router :). hehe, not that i'd actually do that. i just thought i'd
post and ask for opinions since sometimes the discussions, even
if meandering, are useful and i learn things.
tiger
--
Gerald Timothy Quimpo tiger*quimpo*org gquimpo*sni-inc.com tiger*sni*ph
Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"
Veritas liberabit vos.
Doveryai no proveryai.
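Added example, not part of the original post: a small Python model of the setup described above, showing which port state an outside nmap SYN or UDP scan assigns when a forward points at an address with no machine behind it. The state rules follow nmap's documentation (current versions label an unanswered UDP probe `open|filtered`); the DMZ box's listening ports, the probed ports, all function names, and the router's silent-drop behaviour are assumptions.

```python
# Constructed model of the network in the post. Addresses come from the post;
# the services on the DMZ box and the probed ports are assumed sample values.
DMZ_HOST = "192.168.1.3"
BLACKHOLE = "192.168.1.99"          # forward target with no machine behind it
LIVE_HOSTS = {DMZ_HOST: {"tcp": {80}, "udp": {27015}}}
FORWARDS = {(proto, port): BLACKHOLE
            for proto in ("tcp", "udp") for port in (135, 136, 137)}


def route(proto, port):
    """Router decision: an explicit forward wins, the rest goes to the DMZ box."""
    return FORWARDS.get((proto, port), DMZ_HOST)


def reply(proto, port, udp_service_answers=False, router_sends_icmp=False):
    """Return what the outside scanner receives for one probe (None = silence)."""
    host = LIVE_HOSTS.get(route(proto, port))
    if host is None:
        # Nothing answers ARP for the target, so the router cannot deliver.
        # Assumption: it drops silently unless router_sends_icmp is set.
        return "icmp-host-unreachable" if router_sends_icmp else None
    if port in host[proto]:
        if proto == "tcp":
            return "syn-ack"
        # Many UDP services ignore a probe they cannot parse.
        return "udp-data" if udp_service_answers else None
    return "rst" if proto == "tcp" else "icmp-port-unreachable"


def nmap_state(proto, response):
    """Port state per nmap's documented rules for SYN and UDP scans."""
    if response == "icmp-host-unreachable":
        return "filtered"
    if proto == "tcp":
        return {"syn-ack": "open", "rst": "closed", None: "filtered"}[response]
    return {"udp-data": "open", "icmp-port-unreachable": "closed",
            None: "open|filtered"}[response]


def scan(proto, ports, **kw):
    return {p: nmap_state(proto, reply(proto, p, **kw)) for p in ports}


if __name__ == "__main__":
    print("tcp", scan("tcp", [80, 81, 135]))
    print("udp", scan("udp", [53, 137, 27015]))
```

In the model, the blackholed UDP port 137 and a live UDP service that ignores the probe get the same label, because silence is all the scanner sees in both cases.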
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph