Hi Mario, This doesn't answer your question exactly, but here's how I test firewalls:
First run tcpdump or ethereal to capture all packets, on the inside of the firewall. Then, from the outside side of the firewall, do all your port scanning and stuff. If a single packet makes it through, it will show up in tcpdump or ethereal. nmap is a good scanner as it will allow you to scan complete port ranges and probably on a range of IPs as well. Netcat (the command nc) is also good -- it is like telnet, but it can establish connections either as a client or server, and it can also work in UDP mode like a UDP telnet client and server. It can also port scan, I believe. There's another graphical tool called packETH who's webpage is down at the moment, but which is a rather nice arbitrary packet generator which allows you to construct any sort of packet you want, and send any number of them you want. One thing to watch out for with fwbuilder based firewalls is that with some styles of rules, the rules may be bypassed if a packet from outside arrives on the 'outside' interface with a destination mac of the outside interface, but a destination IP of any internal IP -- like 192.168.0.4. (This scenereo would a likely thing to happen where somebody on your "public" network set their computer's default gateway to your public IP, for example.) Hope this helps, -Jesse [EMAIL PROTECTED] wrote: > Hello List, > > we have set up a firewall and would like to test the setup. > Its not as simple as nust running a portscanner against it because you > need to have services listen behind the required services. > > I am looking for some server-client tool where i can set up a config to > open up tcp and udp services on multiple port and port ranges. > > Can someone recommend such a tool? > > Thanks, Mario > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Fwbuilder-discussion mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion > > > -- Nikola Engineering Inc. 224 W. Washington St. Suite 104 Sequim, WA 98382-3371 Tel (360)582-1051 Fax (360)582-1104 -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
