Matthew,

You are right with what you say about your internal clients appearing to be
coming from the GB internal IP. I have a way around this. My suggestion is
to create a different "view" of the DNS domain to which the Apache server
belongs, for internal clients.

The way I've done this is to have two copies of ISC BIND running on one
machine, with two different configs, and two different sets of DNS tables.
The BIND for external viewing is set up to listen on a non-standard port
(5353 for example), and the DNS queries from external IPs are tunnelled
(UDP only) from port 53 of the external IP of the GB through to port 5353
on the internal machine. The internal clients are configured to query the
internal DNS IP, and as such get the "internal" view of the domain.
It also means I can run Dynamic DNS updates quite securely.

I hope this makes sense.

Simon Delicata
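As an added illustration of the two-instance layout described above (this is not Simon's configuration and is not part of the original message), here is what the pair of ISC BIND 9 config files could look like. Every name and address is assumed: example.com is the domain, 192.168.1.5 is the internal host running both instances, 192.168.1.0/24 and 172.16.0.0/24 stand in for the protected network and the PSN, and the GB's external address is assumed to be 192.0.2.10. The external zone file would carry "www IN A 192.0.2.10" (the address the GB tunnels to the Apache server), and the internal zone file "www IN A 172.16.0.20" (the Apache server's real PSN address), so the two instances answer the same name differently.

```conf
// /etc/named-external.conf  (assumed path) -- instance 1: the public view.
// Listens only on the non-standard port; the GB forwards UDP 53 on its
// external IP to 192.168.1.5:5353.  That forwarding rule lives on the GB,
// not in BIND.
options {
    directory "/var/named/external";       // assumed directory
    pid-file  "/var/run/named-external.pid"; // must differ between instances
    listen-on port 5353 { 192.168.1.5; };
    listen-on-v6 { none; };
    recursion no;                            // authoritative only for outsiders
    allow-query    { any; };
    allow-transfer { none; };                // or the secondary's address
    allow-update   { none; };                // no dynamic updates from outside
};

zone "example.com" {
    type master;
    file "example.com.external";             // www IN A 192.0.2.10
};

// /etc/named-internal.conf  (assumed path) -- instance 2: the internal view.
// Listens on the standard port on the internal address; internal clients
// point their resolvers here and never see the external data set.
options {
    directory "/var/named/internal";
    pid-file  "/var/run/named-internal.pid";
    listen-on port 53 { 192.168.1.5; };
    listen-on-v6 { none; };
    recursion yes;                           // internal clients need recursion
    allow-query     { 192.168.1.0/24; 172.16.0.0/24; };  // internal + PSN only
    allow-recursion { 192.168.1.0/24; 172.16.0.0/24; };
    allow-transfer  { none; };
};

key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-tsig-keygen-OUTPUT";  // placeholder, not a real key
};

zone "example.com" {
    type master;
    file "example.com.internal";             // www IN A 172.16.0.20
    allow-update { key "ddns-key"; };        // DDNS accepted on this view only
};
```

Each instance is started with its own config (`named -c /etc/named-external.conf` and `named -c /etc/named-internal.conf`), and the split can be checked from the internal host with `dig @192.168.1.5 -p 5353 www.example.com` against `dig @192.168.1.5 www.example.com`; the first should return 192.0.2.10 and the second 172.16.0.20. Two caveats a practitioner would want: because only UDP is forwarded to port 5353, external queries whose answers are truncated (TC bit set) will fail when the client retries over TCP, so zone transfers and large responses are not available to outsiders unless TCP 53 is forwarded as well; and BIND 9 can serve the same split from a single process using `view` clauses with `match-clients`, at the cost of keeping both data sets inside one configuration and one process.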

"Matthew Underwood" <matthew.underwood@jemmac.com>
To: "GNATBox Mailing List" <[EMAIL PROTECTED]>
cc:
Subject: RE: [gb-users] Tunnel to PSN seems to always hide source address
12/06/2002 14:49

In reply to my own query about source addresses being logged by an apache
server in our PSN always showing the IP address of the PSN interface
regardless of the state of the 'hide source address' checkbox on the
tunnel.


Some progress on this front...

Apache is now logging the real source IP address of requests that come in
via the External interface, but is still logging the gateway address for
requests that come via the Protected interface.

Since I was only really concerned with logging IPs of cracking attempts
from the outside world this is fine.

I'm assuming the gateway interface being logged for protected interface
accesses is something to do with protected interface accesses being NAT'ed.

Thanks to Bob Reasoner for his suggestion that the 'Hide Source Address'
changes didn't take effect until the filters had been updated. This seems
to bear out, as until I made some changes earlier today ALL IP addresses
were being logged as the gateway address.

So, I guess there's no query anymore. Unless someone wants to confirm my
suggestion about connections from the protected interface being NAT'ed.

Cheers,

Matt.



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
 e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages:
 http://www.mail-archive.com/[email protected]