Hey, If I were to setup a transparent proxy on the linux gateway, and tunnel all requests to that, would that work? The reason I don't want NAT is because: A) Its easy to hack into B) Once inside, there is almost nothing keeping the person from a) getting tons of passwords from my network and b) compromising other systems on the network C) It provides almost no protection against blackbox attacks. Thanks!
On Thu, 2004-06-10 at 18:04, Niko Lange wrote: > Is that in putty? Hm, that's what I was wondering... > I guess you want your clients to be able to access more than a single > website and I guess > you don't want to create tunnels for all of them, don't you? > So theoretically you'd have to put 0.0.0.0:80 in the destination box, which > is basically every webserver > in the world. > Still I'd like to hear about your opinion on NAT, and why you think it is > unsafe. IMHO tunneling > all http through ssh, is total overkill, and will demand quite some > processing power for decryption/encryption > on the gateway side. > > Niko > > ----- Original Message ----- > From: "Danny" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, June 10, 2004 9:56 PM > Subject: Re: [Security Firewall] NAT/SSH Tunneling > > > > In the destination host section, am I supposed to put the website I wish > > to connect to or the server I installed sshd on and want to be my > > gateway? Thanks! > > > > On Thu, 2004-06-10 at 17:54, Niko Lange wrote: > > > Hm, I don't really get it? How can a hacker break in a NATted network, > by > > > other means than a whole in > > > the firewall or a bug in some client software, anyone said IE ;-) ? > Could > > > just be something I don't know about, though. Could you explain what you > > > mean? > > > Tunneling works for me, on mnf 8.2 though, without problems. But I am > not > > > sure what you are trying to do is possible at all, since I think > tunneling, > > > requires a defined endpoint where you are trying to tunnel to the whole > > > world (like 0.0.0.0:80 ). Not entirely sure though, I have to admit... > > > > > > Niko > > > > > > ----- Original Message ----- > > > From: "Danny" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]> > > > Sent: Thursday, June 10, 2004 9:41 PM > > > Subject: [Security Firewall] NAT/SSH Tunneling > > > > > > > > > > Hey All, > > > > I'm doing a science project on securing a network of insecure > computers, > > > > by placing a single Linux Mandrake 9.2 box between the computers and > the > > > > internet, and changing as little as possible on the network boxes > > > > themselves (no installing firewalls, that kinda stuff). > > > > The biggest problem I'm trying to figure out is NAT. Yes it is good to > > > > stop the beginner hacker, but as I have learned the hard way, it won't > > > > stop a good hacker for very long. I've tried SSH Tunneling, but never > > > > got it to work. The machines could SSH into the linux box, but never > get > > > > a webpage, even with ports 80 and 53 tunneled to all addresses. > > > > So is there a better alternative to NAT. or could someone help me get > > > > SSH tunneling to work? > > > > Thanks! > > > > Danny > > > > > > > > > > > > > > > > > > > > > > -------------------------------------------------------------------------- > -- > > > ---- > > > > > > > > > > ____________________________________________________ > > > > Want to buy your Pack or Services from MandrakeSoft? > > > > Go to http://www.mandrakestore.com > > > > Join the Club : http://www.mandrakeclub.com > > > > ____________________________________________________ > > > > > > > > > > > > > > > > ______________________________________________________________________ > > > ____________________________________________________ > > > Want to buy your Pack or Services from MandrakeSoft? > > > Go to http://www.mandrakestore.com > > > Join the Club : http://www.mandrakeclub.com > > > ____________________________________________________ > > > > > > > > > ---------------------------------------------------------------------------- > ---- > > > > ____________________________________________________ > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://www.mandrakestore.com > > Join the Club : http://www.mandrakeclub.com > > ____________________________________________________ > > > > > > ______________________________________________________________________ > ____________________________________________________ > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com > Join the Club : http://www.mandrakeclub.com > ____________________________________________________
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
