On Tue, Jul 01, 2003 at 05:52:35PM +0200, Peter A. Felvegi wrote:
>
> hello!
>
> i'm about to set up port forwarding on a firewall to be able to reach
> some hosts on the lan from the outside. i wish to use iptables prerouting
> rules. my question is, is there a way to detect the port forwarding,
> and/or get info about the host i forward to (ip address mainly) ? i mean:
> is an outsider able to do this? supposing that the service i reach is
> free of bugs. as of my understanding of prerouting, this is not likely.

If I understood correctly, there are several ways to detect Port-Forwarding.
One may be a slightly lower TTL of packets coming from the 'forwarded' box,
another may be a port-scan announcing (port 80) Linux as server-os and an
IIS as web-server. The internal IP of the forwarded host will most surely
remain unknown to an outsider unless he manages to get _in_side.

greetz
Horst

-- 
Have you noticed the way people's intelligence capabilities decline
sharply the minute they start waving guns around?
                -- Dr. Who
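
The TTL clue from the reply above, as an added example that is not part of the original mail: a self-audit a firewall admin can run over reply TTLs recorded from an outside vantage point, to see which forwarded ports stand out. The port numbers, TTL values and function names are constructed for illustration.

```python
# Added example: audit which forwarded ports leak through reply TTLs.
# All observations below are constructed sample data, not real captures.

COMMON_INITIAL_TTLS = (64, 128, 255)  # usual operating-system defaults


def initial_ttl(observed):
    """Return the smallest common default TTL that is >= the observed TTL."""
    for default in COMMON_INITIAL_TTLS:
        if observed <= default:
            return default
    raise ValueError(f"TTL out of range: {observed}")


def audit(observations, baseline_port):
    """Compare every port's reply TTL with a port served by the firewall itself.

    observations:  {port: TTL of reply packets as seen from outside}
    baseline_port: a port known to be answered by the firewall box
    Returns {port: reason} for ports whose replies differ from the baseline.
    """
    base_ttl = observations[baseline_port]
    base_init = initial_ttl(base_ttl)
    base_hops = base_init - base_ttl
    findings = {}
    for port, ttl in sorted(observations.items()):
        init = initial_ttl(ttl)
        hops = init - ttl
        if init != base_init:
            # A different default TTL suggests a different OS behind the port.
            findings[port] = f"initial TTL {init} differs from firewall's {base_init}"
        elif hops > base_hops:
            # Same OS family, but the reply crossed extra routers (the firewall).
            findings[port] = f"{hops - base_hops} extra hop(s) behind the firewall"
    return findings


# Constructed sample: 22 and 443 are served by the firewall itself,
# 80 is forwarded to a Linux host, 3389 to a Windows host on the LAN.
SAMPLE = {22: 57, 443: 57, 80: 56, 3389: 120}

if __name__ == "__main__":
    for port, reason in audit(SAMPLE, baseline_port=22).items():
        print(f"port {port}: {reason}")
```

Ports the audit reports can be made uniform by rewriting the TTL of outgoing packets on the firewall, for example with netfilter's TTL target in the mangle table.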