Date: Sat, 15 Apr 2000 23:32:29 -0400 From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: Zachary Drew <drew0054@tc.umn.edu> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: natd being used as a gateway...security risk? Message-ID: <20000415233229.D46067@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <Pine.SOL.4.20.0004152031540.430-100000@garnet.tc.umn.edu>; from drew0054@tc.umn.edu on Sat, Apr 15, 2000 at 08:40:33PM -0500 References: <Pine.SOL.4.20.0004152031540.430-100000@garnet.tc.umn.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Apr 15, 2000 at 08:40:33PM -0500, Zachary Drew wrote: > > i'm using a natd box (freebsd) to share one ip address among several > machines. the natd box has is multihomed with 2 NICs (one private one > public). The public network is considered hostile (its on a university > network). > > i wondered if i could use my machine as a gateway from another machine > on the universities network (making that other machine appear to be my > machine) and it turns out i can. The other host i tried this from is on > the same subnet as I. I could login to machine and check where i logged in > from... it would appear that i loged in from the natd host. > > so is running natd like this a security risk? people can simply change > their ip address and make an attack apear to be coming from my ip address? > > could people outside my subnet use my machine as a gateway? How should i > go about fixing this? Should the natd man pages warn of this? Try the "unregistered_only" switch. You can also add a firewall rule that is even more specific, but how to craft it would depend on how you have and want things working. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000415233229.D46067>