From: Jonathan Chen [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 12:20 AM
To: fbsd_user
Cc: Micheal Patterson; [EMAIL PROTECTED]
Subject: Re: ipfw/nated stateful rules example
On Tue, Jan 20, 2004 at 09:18:27PM -0500, fbsd_user wrote:
Yes you are making it work, but not work
- Original Message -
From: fbsd_user [EMAIL PROTECTED]
To: Jonathan Chen [EMAIL PROTECTED]
Cc: Micheal Patterson [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 7:29 AM
Subject: RE: ipfw/nated stateful rules example
You must have missed reading some parts
Micheal Patterson wrote:
Whereas what I'm doing Private LAN Keep-State NAT World is not secure
and would not be accepted by a security professional? How do you figure
that either method is more or less secure than the other? If stateful is
breached in either method, the underlying network is
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Micheal
Patterson
Sent: Wednesday, January 21, 2004 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: ipfw/nated stateful rules example
- Original Message -
From: fbsd_user [EMAIL PROTECTED]
To: Jonathan Chen [EMAIL PROTECTED]
Cc: Micheal
On Wed, Jan 21, 2004 at 08:29:32AM -0500, fbsd_user wrote:
[...]
As far as the question of using keep-state rules on both the private
and public interfaces this is cross population of the single
stateful table and returning packets are being matched to entries in
the stateful table which do
Ken Bolingbroke wrote:
I just jumped in the middle here, so I may be out of context.
But, stateful rules don't play nice with NAT.
You're quite right, they don't play nice at all.
[EMAIL PROTECTED] wrote:
I disagree with you that the /etc/rc.firewall is the best example.
It's really a good
: ipfw/nated stateful rules example
- Original Message -
From: Ken Bolingbroke [EMAIL PROTECTED]
To: fbsd_user [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, January 19, 2004 10:28 PM
Subject: RE: ipfw/nated stateful rules example
On Mon, 19 Jan 2004, fbsd_user wrote:
That's
fbsd_user wrote:
The conclusion so far is that ipfw1 and ipfw2 using keep-state rules
on the interface facing the public internet with divert/nated does
not work period.
Probably my post hasn't reached you yet. I think you are mistaken if you mean
that keep-state rules cannot be securely used
Alex, yep, I missed your previous post; this list's mail has increased
since 5.2 showed up on the FTP sites and I just missed your post in
all the volume.
First of all, the method of doing keep-state on both the internal Lan
interface and the external is a violation of security protocol
because the
- Original Message -
From: fbsd_user [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]; Ken Bolingbroke
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, January 20, 2004 8:41 AM
Subject: RE: ipfw/nated stateful rules example
As the original poster of this thread, I want
To: [EMAIL PROTECTED]
Subject: Re: ipfw/nated stateful rules example
- Original Message -
From: fbsd_user [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]; Ken
Bolingbroke
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, January 20, 2004 8:41 AM
Subject: RE: ipfw/nated
On Tue, Jan 20, 2004 at 09:18:27PM -0500, fbsd_user wrote:
Yes you are making it work, but not work
correctly. In the true security sense, this is un-secure and
invalidates the whole purpose of using keep-state rules at all. This
would never be allowed by a real firewall security
- Original Message -
From: fbsd_user [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Tuesday, January 20, 2004 8:18 PM
Subject: RE: ipfw/nated stateful rules example
You are doing keep-state on both the Lan interface and the public
interface
- Original Message -
From: Jonathan Chen [EMAIL PROTECTED]
To: fbsd_user [EMAIL PROTECTED]
Cc: Micheal Patterson [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Tuesday, January 20, 2004 11:20 PM
Subject: Re: ipfw/nated stateful rules example
On Tue, Jan 20, 2004 at 09:18:27PM -0500
Friends
In both 4.9 and 5.2 I cannot get a rule set to function that only
uses 'keep-state' rules for outbound and inbound selection control
and the divert rule.
Does anybody have a rule set they can share with me as a sample
for me to see.
Thanks
fbsd_user wrote:
Friends
In both 4.9 and 5.2 I cannot get a rule set to function that only
uses 'keep-state' rules for outbound and inbound selection control
and the divert rule.
Does anybody have a rule set they can share with me as a sample
for me to see.
Thanks
The best sample
PROTECTED] Behalf Of Thomas T.
Veldhouse
Sent: Monday, January 19, 2004 1:41 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED] ORG
Subject: Re: ipfw/nated stateful rules example
fbsd_user wrote:
Friends
In both 4.9 and 5.2 I cannot get a rule set to function that only
uses 'keep-state' rules
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Thomas T.
Veldhouse
Sent: Monday, January 19, 2004 1:41 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED] ORG
Subject: Re: ipfw/nated stateful rules example
fbsd_user wrote:
Friends
In both 4.9 and 5.2 I cannot get a rule set to function
.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Thomas T.
Veldhouse
Sent: Monday, January 19, 2004 1:41 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED] ORG
Subject: Re: ipfw/nated stateful rules example
fbsd_user wrote:
Friends
In both 4.9 and 5.2 I cannot get
fbsd_user [EMAIL PROTECTED] writes:
Sorry but the rule set you posted is doing 'keep-state' on the lan
interface and not the interface facing the public internet. All the
rule statements processing against the public interface are
stateless. Doing stateful testing on the private lan is just
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Lowell
Gilbert
Sent: Monday, January 19, 2004 8:14 PM
To: [EMAIL PROTECTED]
Subject: Re: ipfw/nated stateful rules example
fbsd_user [EMAIL PROTECTED] writes:
Sorry but the rule set you posted is doing 'keep-state' on the lan
interface
On Mon, 19 Jan 2004, fbsd_user wrote:
That's a play on words. And still does not prove stateful rules work on
the interface facing the public internet. There is no documentation that
says keep-state and limit only works on the interface facing the private
Lan network. And the implied meaning
- Original Message -
From: Ken Bolingbroke [EMAIL PROTECTED]
To: fbsd_user [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, January 19, 2004 10:28 PM
Subject: RE: ipfw/nated stateful rules example
On Mon, 19 Jan 2004, fbsd_user wrote:
That's a play on words. And still does
23 matches