[Shorewall-users] lan addreses visible

Tom Eastep teastep at shorewall.net
Thu Sep 2 12:31:29 PDT 2004

On Thursday 02 September 2004 12:28, richard wrote:
> Tom Eastep wrote:
> > On Thursday 02 September 2004 11:07, richard wrote:
> >>Where is the documentation on stopping addresses of machines on a Lan
> >>being visible to scanning s/w when masquerading through a firewall.
> >
> > Usually, setting the 'norfc1918' option on your external interface is all
> > you need.
> >
> > -Tom
> Thanks Tom , I was a bit warey of using that as the first router up line
>   is, but sitting it does not seem to stop wanted incoming
> traffic.

You can always add an exception record for in your rfc1918 file 
(copy /usr/share/shorewall/rfc1918 to /etc/shorewall and modify it).

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : http://lists.shorewall.net/pipermail/shorewall-users/attachments/20040902/3b41fd6a/attachment.bin

More information about the Shorewall-users mailing list