If there is a better forum for discussing IPFW, please direct me there.
I have a firewall machine running FreeBSD 4.10 connected between my DSL modem and my office switch. It does NAT and has a basic set of IPFW rules. It is somewhat locked down (kern_securelevel = 1, other recommendations typical for this configuration).
My question is: from a "well" configured firewall, "Should" I be able to nmap the public interface using a console session on the firewall itself? Will allowing this compromise the security of the machine?
Basically, should I even attempt to make this work?
What's a good way to test your own firewall without driving down the road (and hacking into an unsecured Linksys wireless router.... just kidding)?
Additional info:
I am still reading "Network Security Hacks" by Andrew Lockhart; not sure if this is covered.....
nmap -v -O -sS my.firewall.com .... sendto in send_ip_raw: sendto(4, packet, 28, 0, n.n.n.n, 16) => Permission denied.
I can nmap to other machines inside and outside my firewall. Machines inside my firewall can nmap machines inside (duh) and outside the firewall. Although doing an nmap from a machine inside my firewall to a machine outside causes the net.inet.ip.fw.dyn_count to grow rather large, so I avoid doing this. Same thing if I try to nmap my firewall from a machine inside the firewall. Tried opening up the firewall, still does not work (slightly different error though).
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"