hi, since you are using a private ip block on your network you don't need to block ports to your network because your ips are nonroutable to the outside, meaning they can't be seen or accessed from the outside/internet.
you can't do a 'telnet 192.168.x.x' or run a webserver on a private ip and expect the connection to go through the internet and connect to a host somewhere. so you're pretty safe even if you just have a NAT router

> hello all,
>
> This is non-linux related, but I thought I'd ask since there are geeks,
> nerds, or both on this list who might be able to help.
>
> I've got a little 4-port SMC Barricade hardware router. it does DSL,
> dialup, NAT, port forwarding. i've got it set up to point to a virtual
> DMZ box (192.168.1.3). i need to do this because i need to run network
> games and the router can't be set up neatly to forward just those ports
> (it's a stupidity in the setup, i can't allow a range of ports to be
> forwarded, i have to individually specify the ports, and i'd need to
> specify 101 ports).
>
> there doesn't seem to be a way (the management is web based, i just surf
> to 192.168.1.1) either to configure it to block certain ports coming in
> from the net (e.g., i want to block TCP and UDP 135,136,137, etc, the
> standard windows ports).
>
> to work around this, i've done the following:
> 1. allow all incoming connection requests.
> 2. but to block the ports i want to block, set port forwarding so
> that requests to those ports are sent to a non-existent internal IP
> (192.168.1.99).
>
> an nmap on TCP ports (from an outside server) shows that the ports are
> now filtered. but an nmap on UDP ports shows that the ports are still
> open. i think though that this is OK since the UDP packets go through
> but no reply is sent back since there's no machine at 192.168.1.99.
>
> am i right about that last conclusion? or should i panic and buy a real
> router :). hehe, not that i'd actually do that. i just thought i'd
> post and ask for opinions since sometimes the discussions, even
> if meandering, are useful and i learn things.
>
> tiger
>
> --
> Gerald Timothy Quimpo tiger*quimpo*org gquimpo*sni-inc.com tiger*sni*ph
> Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"
> Veritas liberabit vos.
> Doveryai no proveryai.
> _
> Philippine Linux Users Group. Web site and archives at
> http://plug.linux.org.ph To leave: send "unsubscribe" in the body to
> [EMAIL PROTECTED]
>
> Fully Searchable Archives With Friendly Web Interface at
> http://marc.free.net.ph
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
> [EMAIL PROTECTED]
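
An added example, not part of either message: a small Python model of the router setup described in the thread. It shows why forwarding a port to an unused address makes TCP probes read as filtered, while UDP probes get the same silence an open port could give (current Nmap versions label this open|filtered). The addresses and the three blocked ports are taken from the post; the services listening on the DMZ box and all function names are assumptions made for illustration.

```python
# Constructed model of the setup in the thread. Addresses come from the post;
# the listening services are assumptions made for illustration.
DMZ_HOST = "192.168.1.3"
BLACKHOLE = "192.168.1.99"            # no machine has this address
BLOCKED_PORTS = (135, 136, 137)
FORWARDS = {(proto, port): BLACKHOLE
            for proto in ("tcp", "udp") for port in BLOCKED_PORTS}
# Hosts that exist on the LAN and the (proto, port) pairs they listen on.
LISTENERS = {DMZ_HOST: {("tcp", 139), ("udp", 27015)}}


def route(proto, port):
    """Internal address the router hands an unsolicited inbound packet to."""
    return FORWARDS.get((proto, port), DMZ_HOST)


def probe_response(proto, port):
    """What comes back to an outside prober, or None if nothing does."""
    target = route(proto, port)
    if target not in LISTENERS:
        return None                   # forwarded to nobody: silence
    if (proto, port) in LISTENERS[target]:
        # Simplification: assume a listening UDP service answers the probe.
        return "syn-ack" if proto == "tcp" else "udp-data"
    return "rst" if proto == "tcp" else "icmp-port-unreachable"


def scan_state(proto, port):
    """State a port scanner infers from the response (Nmap's terms)."""
    response = probe_response(proto, port)
    if response in ("syn-ack", "udp-data"):
        return "open"
    if response in ("rst", "icmp-port-unreachable"):
        return "closed"
    # Silence: TCP expects an answer, so it reads as filtered. UDP services
    # may legitimately stay silent, so the scanner cannot rule out "open".
    return "filtered" if proto == "tcp" else "open|filtered"


def report(ports):
    """Map each (proto, port) to (internal destination, inferred state)."""
    return {(proto, port): (route(proto, port), scan_state(proto, port))
            for proto, port in ports}


if __name__ == "__main__":
    for key, value in report([("tcp", 135), ("udp", 135),
                              ("tcp", 139), ("udp", 138)]).items():
        print(key, "->", value)
```

In this model, any port without its own forwarding entry still lands on the DMZ box, so its state depends entirely on what that machine is listening on.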
