Re: [pmfirewall] $OUTERNET vs $REMOTENET


From: Andy Wood (network.design@home.com)
Date: Tue Nov 14 2000 - 15:17:27 PST


Thanks John. I had thought that /32 would only allow the one host to pass.

Thanks again.

On Tue, 14 Nov 2000, John Frey wrote:
> Date: Tue, 14 Nov 2000 12:15:04 -0700
> To: <pmfirewall@pointman.org>
> From: "John Frey" <johnf@goldcircuit.com>
> Reply-To: pmfirewall@pointman.org
> Sender: owner-pmfirewall@pointman.org
> Subject: Re: [pmfirewall] $OUTERNET vs $REMOTENET
>
> > So these statements have to do with Internal packets getting out more so than
> > external packets access in? Well, what I'm really trying to make sure is
> > let's say that I have the following line:
> >
> > $IPCHAINS -A input -p tcp -s 1.2.3.4/32 -d $OUTERNET 22 -j ACCEPT
> >
> > This allows only 1.2.3.4 to SSH in and everyone else would be
> > denied/rejected.
> >
>
>
> No, the FORM (since /32 is an impossible network mask) that is "-s" IP is in
> would allow anyone on the 1.x.x.x network or 1.2.x.x network or 1.2.3.x
> network depending on what the network mask is ( /8 - /29 )
>
> if the source statement is "-s 1.2.3.4", then only the HOST 1.2.3.4 would be
> allowed to SSH in
>
> if the source statement is "-s 1.2.3.4/12", then ANY host on the
> 1.0.0.0/255.240.0.0 network (1.0.0.1 - 1.15.255.254) would be able to SSH in
> to this host.
>
> Hope this helps
>
> John
>
>
****************************************************************************
> * To UNSUBSCRIBE from the list, send a message with "unsubscribe
> pmfirewall"
> * in the message body to majordomo@pointman.org. Please direct other
> * questions, comments, or problems to pmfirewall-owner@pointman.org.
> *
> * Need answers fast? Check the list archive located at:
> * http://www.pointman.org/PMFirewall/list-archive/
> *
****************************************************************************

This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:37:49 PDT
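
Added example, not part of the original thread or of PMFirewall: a small Python check that computes which source addresses a rule's "-s" value covers, using standard CIDR arithmetic from Python's ipaddress module rather than ipchains itself. The sample rules are constructed from the one quoted above, and the helper names source_network and audit are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample rules, modelled on the rule quoted in the thread.
SAMPLE_RULES = [
    "$IPCHAINS -A input -p tcp -s 1.2.3.4 -d $OUTERNET 22 -j ACCEPT",
    "$IPCHAINS -A input -p tcp -s 1.2.3.4/32 -d $OUTERNET 22 -j ACCEPT",
    "$IPCHAINS -A input -p tcp -s 1.2.3.4/12 -d $OUTERNET 22 -j ACCEPT",
    "$IPCHAINS -A input -p tcp -s 1.2.3.4/255.255.255.0 -d $OUTERNET 22 -j ACCEPT",
]


def source_network(rule):
    """Return the IPv4 network selected by a rule's -s argument (hypothetical helper)."""
    tokens = shlex.split(rule)
    if "-s" not in tokens:
        return ipaddress.IPv4Network("0.0.0.0/0")  # no -s: any source
    spec = tokens[tokens.index("-s") + 1]
    if spec == "!":
        raise ValueError("negated source not handled in this example")
    # strict=False clears the host bits, so 1.2.3.4/12 becomes 1.0.0.0/12.
    # A bare address is treated as /32; hostnames raise ValueError.
    return ipaddress.IPv4Network(spec, strict=False)


def audit(rules, probe):
    """For each rule: (network, first, last, address count, probe matches?)."""
    addr = ipaddress.IPv4Address(probe)
    report = []
    for rule in rules:
        net = source_network(rule)
        report.append((str(net), str(net[0]), str(net[-1]),
                       net.num_addresses, addr in net))
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_RULES, "1.9.9.9"):
        print("%-14s %-10s - %-13s %8d addresses  probe allowed: %s" % row)
```

Running a rule set through a check like this before loading it shows how many addresses each ACCEPT rule really admits.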