
[linux-security] Re: IP Filters and Masq: precisions



Duncan Simpson wrote:

> > That's the kind of questions I'm asking myself and haven't
> > seen any answers about them.  Some friend of mine says he heard of a way to
> > circumvent a masq firewall and access a computer inside, but that's as far
> > as he remembers.
> 
> The probable method is some form of IP source routing.

Source routing will enable you to get a packet to the masq firewall,
even if the destination address is a private address. The route which
you would need to specify from the masq firewall to the victim would
usually be the route which the packet would take anyhow.

If you are running a masq firewall, you would normally disallow any
other forwarding (replies to masqueraded packets are demasqueraded and
forwarded automatically), so even if you can get the packet to the
masq firewall, you're unlikely to get it any further (even without the
`drop source-routed packets' option).

-- 
Glynn Clements <glynn sensei co uk>


