Chuck Swiger wrote:

Norm Vilmer wrote:
[ ... ]

My question is: from a "well" configured firewall, "Should" I be able to nmap the public interface using a console session on the firewall
itself?


Sure.  nmap should return close to zero open ports.

Will allowing this compromise the security of the machine?


nmap doesn't compromise the security of your machine. Having open ports connected to vulnerable services is the primary security risk.

Basically, should I even attempt to make this work?


What is "this"?

What's a good way to test your own firewall without driving down
the road (and hacking into an unsecured Linksys wireless router....
just kidding)?


Put another machine on the subnet of your external interface, and do an nmap scan from there. That represents what your ISP would see, or a bad guy who compromised the ISP possibly up through the DSL modem you have.

Sorry about the ambiguity, I was referring to loosening my firewall rules
and other settings to allow nmap to work properly. If it "should" work,
then I have things either misconfigured or tightened down too much.

Connecting a machine to the public subnet won't work for
me. My ISP uses PPPoE, I have one static IP assigned to my firewall's
MAC address. I tried it, just to see if it would assign the other
machine a dynamic IP if I made a PPPoE connection, but it doesn't.

I tried the ShieldsUp website, but it did not work from links (GUI-less).


