[Shorewall-users] lan addreses visible

Tom Eastep teastep at shorewall.net
Thu Sep 2 12:31:29 PDT 2004


On Thursday 02 September 2004 12:28, richard wrote:
> Tom Eastep wrote:
> > On Thursday 02 September 2004 11:07, richard wrote:
> >>Where is the documentation on stopping addresses of machines on a Lan
> >>being visible to scanning s/w when masquerading through a firewall.
> >
> > Usually, setting the 'norfc1918' option on your external interface is all
> > you need.
> >
> > -Tom
>
> Thanks Tom , I was a bit warey of using that as the first router up line
>   is 10.48.0.1, but sitting it does not seem to stop wanted incoming
> traffic.

You can always add an exception record for 10.48.0.1 in your rfc1918 file 
(copy /usr/share/shorewall/rfc1918 to /etc/shorewall and modify it).

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : http://lists.shorewall.net/pipermail/shorewall-users/attachments/20040902/3b41fd6a/attachment.bin


More information about the Shorewall-users mailing list