> I have situations in which my vpn router is a peer to a proxy server.
> The proxy server is the default gateway for the servers behind it.
>
> Therefore I use NAT on the internal interface to force traffic to the servers
> back through the router.
>
> This is approximately the same thing as port
Phillip,
The security implications are the same as having that port on that machine
exposed directly to the internet.
Example:
Port forwarding port 3389 (Terminal Server) from the firewall to port 3389
on an NT/2000 system behind the firewall.
Terminal Server is
mistaken, and that port forwarding bypasses all
rules.
Thanks,
Tony
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Steve Fink
Sent: Friday, April 26, 2002 3:55 PM
To: LEAF-List
Subject: RE: [Leaf-user] internal NAT question
Phillip,
The
Tony,
The use of ipmasqadm portfw allows the packets to pass untouched by
ipchains.
Steve
-Original Message-
From: Tony [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 26, 2002 5:09 PM
To: Steve Fink; LEAF-List
Subject: RE: [Leaf-user] internal NAT question
Would not the
ssage-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Steve Fink
Sent: Saturday, April 27, 2002 12:46 PM
To: Tony; LEAF-List
Subject: RE: [Leaf-user] internal NAT question
Group,
Sorry for the unintentional curtness of this post
I'm a bit decaffina
EMAIL PROTECTED]>, "LEAF-List"
<[EMAIL PROTECTED]>
cc: (bcc: Phillip Watts/austin/Nlynx)
Subject: RE: [Leaf-user] internal NAT question
Oh good grief, don't apologize! I didn't take offense.
I didn't realize that ipmasqadm portfw bypassed ipchains. Ac
:[EMAIL PROTECTED]]
Sent: Monday, April 29, 2002 7:06 AM
To: Tony
Cc: Steve Fink; LEAF-List
Subject: RE: [Leaf-user] internal NAT question
2.4 iptables is a tool for manipulating netfilter, including
NAT and port forwarding. Forwarding does NOT bypass
netfilter, it's an integral part of it.
My
Tony:
Heya. Sorry for chiming in late, I had a busy weekend. :)
I believe the information about ipmasqadm "bypassing" ipchains is
incorrect. I've always known it to be described as:
http://www.tldp.org/HOWTO/IPCHAINS-HOWTO-4.html
Some nice ascii art there. Quoting from th