With NAT on FW-1, a port scan on your valid IP(s) will reveal what your rulebase allows. For example, if you allow a particular external host to telnet to your firewall, the port scan would reflect that port being open, only to that IP (or what the firewall thinks is that IP). If you allow access to any IP for SMTP to your email server, then any IP that scanned your firewall would then catch SMTP as being open.
 
hth
Brendan
-----Original Message-----
From: Dave Black [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 26, 2000 2:46 PM
To: Fw1 (E-mail)
Subject: [FW1] NATs and port scanning - help

Hi all,
 
I was wondering what a port scan on an IP that was set up as a NAT would show. Do they just not show any port open because they aren't "real" addresses?
 
Also, would setting up a NAT for a well-known port successfully "hide" that port?
 
TIA.

Dave Black
Senior Software Engineer
extendedcare.com
[EMAIL PROTECTED]
Home Page:
http://www.daveblack.net

 
