On Fri, Feb 08, 2002 at 10:45:15PM -0500, Jeff Bonner wrote:
...
> Last but not least, it's difficult to gauge my success (or failure)
> because I can't use a machine *outside* the firewall to run nmap against
> this setup. Yes, I do have another system with Linux, but it's not
> located right next to this one, where I could immediately make changes
> and observe results. Perhaps in the near future I can run a dial-up for
> that purpose, though.

A simple-minded solution could be:

1) unplug the firewall from the internet
2) swap the internal and external IP addresses in your firewall rules
   [ you do use env-vars in your firewall to point to the different
   interfaces, don't you :]
3) test from a local machine that is now seen by the firewall as
   belonging to the hostile internet

--
groetjes, carel
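
The swap in step 2 is easy when every rule refers to the interfaces through variables. The sketch below is an added example, not part of the original message: it assumes an iptables-based ruleset, and the interface names, addresses, `TEST_SWAP` switch and function names are all constructed for illustration. It prints the commands instead of applying them, so the swapped ruleset can be reviewed before it is loaded.

```shell
#!/bin/sh
# Constructed example: interface names and addresses are placeholders.
EXT_IF="${EXT_IF:-eth0}"; EXT_IP="${EXT_IP:-192.0.2.1}"     # internet side
INT_IF="${INT_IF:-eth1}"; INT_IP="${INT_IP:-192.168.1.1}"   # LAN side

# Exchange the roles of the two interfaces so that the LAN side is
# treated as the hostile network (step 2 of the procedure above).
swap_roles() {
    tmp_if=$EXT_IF; tmp_ip=$EXT_IP
    EXT_IF=$INT_IF; EXT_IP=$INT_IP
    INT_IF=$tmp_if; INT_IP=$tmp_ip
}

# Print the ruleset. No rule names an interface or address literally,
# so the same text serves both the normal and the swapped layout.
emit_rules() {
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $INT_IF -d $INT_IP -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i $EXT_IF -j LOG --log-prefix "ext-drop: "
iptables -A INPUT -i $EXT_IF -j DROP
EOF
}

# TEST_SWAP=1 selects the test layout; use it only with the real
# uplink unplugged (step 1), then restore the normal layout.
if [ "${TEST_SWAP:-0}" = 1 ]; then
    swap_roles
fi
emit_rules
```

With `TEST_SWAP=1`, a scan from a LAN machine against 192.168.1.1 is filtered by the same rules an internet host would meet; piping the output to `sh` as root loads it.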