Re: port forwarding issues
Peter A. Felvegi [EMAIL PROTECTED] wrote: i'm about to set up port forwarding on a firewall to be able to reach some hosts on the lan from the outside. i wish to use iptables prerouting rules. my question is, is there a way to detect the port forwarding, and/or get info about the host i forward to (ip address mainly) ? i mean: is an outsider able to do this? supposing that the service i reach is free of bugs. as of my understanding of prerouting, this is not likely. You are right. If the host the connection is forwarded to does not tell the client its IP real address, the client will never get to know it. Paul -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: port forwarding issues
On Tue, Jul 01, 2003 at 05:52:35PM +0200, Peter A. Felvegi wrote: hello! i'm about to set up port forwarding on a firewall to be able to reach some hosts on the lan from the outside. i wish to use iptables prerouting rules. my question is, is there a way to detect the port forwarding, and/or get info about the host i forward to (ip address mainly) ? i mean: is an outsider able to do this? supposing that the service i reach is free of bugs. as of my understanding of prerouting, this is not likely. If I understood correctly, there's several ways to detect Port-Forwarding. One may be a slightly lower ttl of packets coming from the 'forwarded' box, another may be a port-scan announcing (port 80) Linux as server-os and an IIS as web-server. the internal ip of the forwarded host will most surely remain unknown to an outsider unless he manages to get _in_side. greetz Horst -- Have you noticed the way people's intelligence capabilities decline sharply the minute they start waving guns around? -- Dr. Who -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: port forwarding issues
Peter A. Felvegi [EMAIL PROTECTED] wrote: i'm about to set up port forwarding on a firewall to be able to reach some hosts on the lan from the outside. i wish to use iptables prerouting rules. my question is, is there a way to detect the port forwarding, and/or get info about the host i forward to (ip address mainly) ? i mean: is an outsider able to do this? supposing that the service i reach is free of bugs. as of my understanding of prerouting, this is not likely. You are right. If the host the connection is forwarded to does not tell the client its IP real address, the client will never get to know it. Paul
Re: port forwarding issues
On Tue, Jul 01, 2003 at 05:52:35PM +0200, Peter A. Felvegi wrote: hello! i'm about to set up port forwarding on a firewall to be able to reach some hosts on the lan from the outside. i wish to use iptables prerouting rules. my question is, is there a way to detect the port forwarding, and/or get info about the host i forward to (ip address mainly) ? i mean: is an outsider able to do this? supposing that the service i reach is free of bugs. as of my understanding of prerouting, this is not likely. If I understood correctly, there's several ways to detect Port-Forwarding. One may be a slightly lower ttl of packets coming from the 'forwarded' box, another may be a port-scan announcing (port 80) Linux as server-os and an IIS as web-server. the internal ip of the forwarded host will most surely remain unknown to an outsider unless he manages to get _in_side. greetz Horst -- Have you noticed the way people's intelligence capabilities decline sharply the minute they start waving guns around? -- Dr. Who