Date: Tue, 11 Feb 2003 09:07:51 -0300 (ART)
From: Fernando Gleiser
To: Redmond Militante
Cc: freebsd-security@freebsd.org
Subject: Re: n00b ipf/ipnat questions
In-Reply-To: <20030211002256.GA824@darkpossum>
Message-ID: <20030211090154.R30313-100000@cactus.fi.uba.ar>

On Mon, 10 Feb 2003, Redmond Militante wrote:

> i've managed to get it nat'ing one machine so far, the webserver. the public
> ip of the webserver is aliased to the external nic on the gateway machine.
> httpd and ftp work ok behind the gateway box. i have many questions,
> however. the first being why - despite the firewall rules i have in place
> on the gateway, when i nmap the public ip of the webserver it shows me all
> sorts of ports being open. i can't make out from my gateway configuration
> where this is happening.

What ports? Is it TCP or UDP? UDP scanning is very prone to false positives.
It would help if you post the nmap flags line you're using and the results,
obfuscate the IP if you don't want us to know it.

Another possibility is some interception/transparent proxy on your ISP.

Fer

>
> any advice would be appreciated
>
> thanks
> redmond