Re: Linux Firewall.
Mike Almogy wrote:
> Hi list. I just finished reading the Firewall-HOWTO. I have a few
> questions that it didn't answer (at least I didn't see a clean
> answer).
> 1. Why do I need to disable the IP_FORWARDING?
One of the reasons would be to stop unfiltered packets from
going under the rules. Another is that some attacks use fragmented
packets to go under firewall rules and just "let them pass" over
to the internal network. I may be forgetting one of the simpler
justifications. Basically we are trying to prevent external packets
from coming inside without the firewall "blessing" them.
> 2. How can I use a REAL IP address (public)?
Uh?
> 3. What is the difference between Firewalling and IP Masquerading?
Firewalling is the use of rules to actually filter packets
based on destination, source and/or content. Masquerading
simply does "hide" a complete internal network behind a
single IP. You may think that this hiding provides protection,
and to some extent it does - but only to the extent of security
by obscurity, since hopefully probers would not have access to
the internal topology of your network. Of course, a cracked
masquerading box will expose the network completely. That's
where the firewalling comes in, helping to provide access control
and verification.
You can live with both, none, one or the other, depending on your
needs.
hope this helped,
--izar
--------------------------------------------------Aduva/LinuxQA Inc.
Izar Tarandach
Daemon Exorcist,Research Team Lead
--public keys available at:-------------http://www.linuxqa.com/~izar
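
Added example, not part of the original message: a check that sorts a Linux gateway into the cases the reply lists (forwarding off, masquerading only, filtering only, both, or neither). It assumes an iptables ruleset in `iptables-save` format, which the thread does not mention; `classify_gateway` and the sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes iptables-save text as input.
# classify_gateway FWD RULES
#   FWD   = content of /proc/sys/net/ipv4/ip_forward ("0" or "1")
#   RULES = ruleset in iptables-save format
# Heuristic: "filtering" means the filter table's FORWARD chain has a DROP
# policy or at least one DROP/REJECT rule.
classify_gateway() {
    printf '%s\n' "$2" | awk -v fwd="$1" '
        /^\*/ { table = $1 }                       # "*nat", "*filter", ...
        table == "*filter" && $1 == ":FORWARD" { policy = $2 }
        table == "*filter" && /^-A FORWARD .*-j (DROP|REJECT)/ { ndrop++ }
        table == "*nat" && /-j MASQUERADE/ { masq = 1 }
        END {
            if (fwd != "1") { print "no-forwarding"; exit }
            filtered = (policy == "DROP" || ndrop > 0)
            if (masq && filtered) print "masquerading+filtering"
            else if (masq)        print "masquerading-only"
            else if (filtered)    print "filtering-only"
            else                  print "open-router"
        }'
}

# Constructed sample: internal network hidden behind one IP, nothing filtered.
MASQ_ONLY='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

# Constructed sample: same masquerading plus a default-deny FORWARD chain.
BOTH='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

classify_gateway 1 "$MASQ_ONLY"
classify_gateway 1 "$BOTH"
classify_gateway 0 "$BOTH"
# On a live host (root): classify_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)"
```

A result of `masquerading-only` or `open-router` means routed packets cross the box without any rule deciding on them.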