RE: ipfw/nated stateful rules example

2004-01-21 Thread fbsd_user
- From: Jonathan Chen [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 12:20 AM To: fbsd_user Cc: Micheal Patterson; [EMAIL PROTECTED] Subject: Re: ipfw/nated stateful rules example On Tue, Jan 20, 2004 at 09:18:27PM -0500, fbsd_user wrote: Yes you are making it work, but not work

Re: ipfw/nated stateful rules example

2004-01-21 Thread Micheal Patterson
- Original Message - From: fbsd_user [EMAIL PROTECTED] To: Jonathan Chen [EMAIL PROTECTED] Cc: Micheal Patterson [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 7:29 AM Subject: RE: ipfw/nated stateful rules example You must have missed reading some parts

Re: ipfw/nated stateful rules example

2004-01-21 Thread Alex Zbyslaw
Micheal Patterson wrote: Whereas what I'm doing Private LAN Keep-State NAT World is not secure and would not be accepted by a security professional? How do you figure that either method is more or less secure than the other? If stateful is breached in either method, the underlying network is

RE: ipfw/nated stateful rules example

2004-01-21 Thread fbsd_user
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Micheal Patterson Sent: Wednesday, January 21, 2004 11:09 AM To: [EMAIL PROTECTED] Subject: Re: ipfw/nated stateful rules example - Original Message - From: fbsd_user [EMAIL PROTECTED] To: Jonathan Chen [EMAIL PROTECTED] Cc: Micheal

Re: ipfw/nated stateful rules example

2004-01-21 Thread Jonathan Chen
On Wed, Jan 21, 2004 at 08:29:32AM -0500, fbsd_user wrote: [...] As far as the question of using keep-state rules on both the private and public interfaces, this is cross-population of the single stateful table, and returning packets are being matched to entries in the stateful table which do

Re: ipfw/nated stateful rules example

2004-01-20 Thread Alex Zbyslaw
Ken Bolingbroke wrote: I just jumped in the middle here, so I may be out of context. But, stateful rules don't play nice with NAT. You're quite right, they don't play nice at all. [EMAIL PROTECTED] wrote: I disagree with you that the /etc/rc.firewall is the best example. It's really a good

RE: ipfw/nated stateful rules example

2004-01-20 Thread fbsd_user
: ipfw/nated stateful rules example - Original Message - From: Ken Bolingbroke [EMAIL PROTECTED] To: fbsd_user [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, January 19, 2004 10:28 PM Subject: RE: ipfw/nated stateful rules example On Mon, 19 Jan 2004, fbsd_user wrote: That's

Re: ipfw/nated stateful rules example

2004-01-20 Thread Alex Zbyslaw
fbsd_user wrote: The conclusion so far is that ipfw1 and ipfw2 using keep-state rules on the interface facing the public internet with divert/nated does not work period. Probably my post hasn't reached you yet. I think you are mistaken if you mean that keep-state rules cannot be securely used

RE: ipfw/nated stateful rules example

2004-01-20 Thread fbsd_user
Alex, yep, I missed your previous post; this list's mail has increased since 5.2 showed up on the FTP sites and I just missed your post in all the volume. First of all, the method of doing keep-state on both the internal LAN interface and the external is a violation of security protocol because the

Re: ipfw/nated stateful rules example

2004-01-20 Thread Micheal Patterson
- Original Message - From: fbsd_user [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED]; Ken Bolingbroke [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 8:41 AM Subject: RE: ipfw/nated stateful rules example As the original poster of this thread, I want

RE: ipfw/nated stateful rules example

2004-01-20 Thread fbsd_user
To: [EMAIL PROTECTED] Subject: Re: ipfw/nated stateful rules example - Original Message - From: fbsd_user [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED]; Ken Bolingbroke [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 8:41 AM Subject: RE: ipfw/nated

Re: ipfw/nated stateful rules example

2004-01-20 Thread Jonathan Chen
On Tue, Jan 20, 2004 at 09:18:27PM -0500, fbsd_user wrote: Yes, you are making it work, but not work correctly. In the true security sense, this is insecure and invalidates the whole purpose of using keep-state rules at all. This would never be allowed by a real firewall security

Re: ipfw/nated stateful rules example

2004-01-20 Thread Micheal Patterson
- Original Message - From: fbsd_user [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 8:18 PM Subject: RE: ipfw/nated stateful rules example You are doing keep-state on both the Lan interface and the public interface

Re: ipfw/nated stateful rules example

2004-01-20 Thread Micheal Patterson
- Original Message - From: Jonathan Chen [EMAIL PROTECTED] To: fbsd_user [EMAIL PROTECTED] Cc: Micheal Patterson [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 11:20 PM Subject: Re: ipfw/nated stateful rules example On Tue, Jan 20, 2004 at 09:18:27PM -0500

ipfw/nated stateful rules example

2004-01-19 Thread fbsd_user
Friends, in both 4.9 and 5.2 I cannot get a rule set to function that only uses 'keep-state' rules for outbound and inbound selection control and the divert rule. Does anybody have a rule set they can share with me as a sample for me to see? Thanks
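
The following is an added example of the kind of rule set asked for above; it is not a rule set posted in this thread. It is written for ipfw2 (the default in 5.x, a build option in 4.x) with natd already running on its default divert port. The interface names fxp0 (public) and fxp1 (LAN) and the allowed service ports are assumptions for illustration. The point it demonstrates is the ordering that makes keep-state and divert/natd coexist: outbound packets reach the keep-state rules before natd, so every dynamic entry is keyed on the private address, and inbound packets are diverted to natd before check-state, so a translated reply carries the private address again and matches that entry. A reply that natd cannot translate (no session) never matches the dynamic table and falls through to the inbound deny. Rule processing resumes at the rule after the divert when natd reinjects the packet, which is what the skipto target relies on.

```sh
#!/bin/sh
# ipfw + divert/natd rule set using keep-state for outbound and inbound
# selection. Added example for this thread, not a rule set posted in it.
# Assumed for illustration: fxp0 faces the Internet, fxp1 faces the LAN,
# natd is running on its default divert port, ipfw2 is in use.

pif="fxp0"              # assumed public interface
lif="fxp1"              # assumed private LAN interface

# Emit the rule set through the command given as $1:
#   load_rules /sbin/ipfw   loads it into the kernel (as root)
#   load_rules echo         prints it for review
load_rules() {
    fw="$1"
    $fw -f flush

    # LAN-side and loopback traffic is not filtered by this example.
    $fw add 00005 allow ip from any to any via "$lif"
    $fw add 00010 allow ip from any to any via lo0

    # Inbound on the public side: translate FIRST, then consult the
    # dynamic table. natd rewrites the destination back to the private
    # address, so the packet matches the entry the outbound rule created.
    $fw add 00014 divert natd ip from any to any in via "$pif"
    $fw add 00015 check-state

    # Outbound on the public side: these rules see the packet BEFORE natd,
    # so the dynamic entry is keyed on the private source address. A match
    # jumps to 500, where the translation happens. Later packets of the
    # same session match at 15 and inherit this skipto as their action.
    $fw add 00020 skipto 500 tcp from any to any 53 out via "$pif" setup keep-state
    $fw add 00030 skipto 500 udp from any to any 53 out via "$pif" keep-state
    $fw add 00040 skipto 500 tcp from any to any 80 out via "$pif" setup keep-state
    $fw add 00050 skipto 500 tcp from any to any 443 out via "$pif" setup keep-state
    $fw add 00060 skipto 500 tcp from any to any 22 out via "$pif" setup keep-state
    $fw add 00070 skipto 500 icmp from any to any out via "$pif" keep-state

    # Anything else leaving on the public interface is logged and dropped.
    $fw add 00400 deny log ip from any to any out via "$pif"

    # Inbound packets reaching this point were not translated into a known
    # session and have no dynamic entry: drop them.
    $fw add 00450 deny log ip from any to any in via "$pif"

    # skipto target for outbound stateful matches: translate, then pass.
    # An inbound packet sent here by check-state skips 500 (out only).
    $fw add 00500 divert natd ip from any to any out via "$pif"
    $fw add 00510 allow ip from any to any

    $fw add 00999 deny log ip from any to any
}

# Rule number of the first emitted rule matching the grep pattern $1, so
# the ordering the design depends on can be checked before loading.
rule_number() {
    load_rules echo | grep -- "$1" | head -n 1 | awk '{print $2 + 0}'
}

# Print the rules by default; pass /sbin/ipfw as $1 to load them.
load_rules "${1:-echo}"
```

Run it without arguments to review the emitted rules; run it as root with /sbin/ipfw as the argument to load them. The ordering checks in rule_number are what to re-run after editing: the inbound divert must precede check-state, check-state must precede every keep-state rule, and the outbound divert must sit after the outbound deny so only stateful matches reach it.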

Re: ipfw/nated stateful rules example

2004-01-19 Thread Thomas T. Veldhouse
fbsd_user wrote: Friends, in both 4.9 and 5.2 I cannot get a rule set to function that only uses 'keep-state' rules for outbound and inbound selection control and the divert rule. Does anybody have a rule set they can share with me as a sample for me to see? Thanks The best sample

RE: ipfw/nated stateful rules example

2004-01-19 Thread fbsd_user
PROTECTED] Behalf Of Thomas T. Veldhouse Sent: Monday, January 19, 2004 1:41 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] ORG Subject: Re: ipfw/nated stateful rules example fbsd_user wrote: Friends, in both 4.9 and 5.2 I cannot get a rule set to function that only uses 'keep-state' rules

Re: ipfw/nated stateful rules example

2004-01-19 Thread Thomas T. Veldhouse
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas T. Veldhouse Sent: Monday, January 19, 2004 1:41 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] ORG Subject: Re: ipfw/nated stateful rules example fbsd_user wrote: Friends, in both 4.9 and 5.2 I cannot get a rule set to function

RE: ipfw/nated stateful rules example

2004-01-19 Thread fbsd_user
. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas T. Veldhouse Sent: Monday, January 19, 2004 1:41 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] ORG Subject: Re: ipfw/nated stateful rules example fbsd_user wrote: Friends, in both 4.9 and 5.2 I cannot get

Re: ipfw/nated stateful rules example

2004-01-19 Thread Lowell Gilbert
fbsd_user [EMAIL PROTECTED] writes: Sorry, but the rule set you posted is doing 'keep-state' on the LAN interface and not the interface facing the public internet. All the rule statements processing against the public interface are stateless. Doing stateful testing on the private LAN is just

RE: ipfw/nated stateful rules example

2004-01-19 Thread fbsd_user
- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lowell Gilbert Sent: Monday, January 19, 2004 8:14 PM To: [EMAIL PROTECTED] Subject: Re: ipfw/nated stateful rules example fbsd_user [EMAIL PROTECTED] writes: Sorry, but the rule set you posted is doing 'keep-state' on the LAN interface

RE: ipfw/nated stateful rules example

2004-01-19 Thread Ken Bolingbroke
On Mon, 19 Jan 2004, fbsd_user wrote: That's a play on words. And still does not prove stateful rules work on the interface facing the public internet. There is no documentation that says keep-state and limit only work on the interface facing the private LAN network. And the implied meaning

Re: ipfw/nated stateful rules example

2004-01-19 Thread Micheal Patterson
- Original Message - From: Ken Bolingbroke [EMAIL PROTECTED] To: fbsd_user [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, January 19, 2004 10:28 PM Subject: RE: ipfw/nated stateful rules example On Mon, 19 Jan 2004, fbsd_user wrote: That's a play on words. And still does