
Re: [FW1] Port Address Translation



On Fri, Sep 29, 2000 at 05:46:05PM -0400, Shawn Chandler wrote:
: 
: I'm curious if anyone else has run into this same situation.  Basically what
: I'm looking to do is have a mail server that is positioned behind a FW-1 4.0
: server answer on port 25 (smtp) only, however on the outside of the firewall
: it will answer on the SMTP port for both ports 25 and another TCP port (999).
: The mail server is currently set up to do automatic NAT in the firewall and
: works just fine.  I've tried adding a NAT entry at the top of my stack stating:
: Source   Dest          Port   Xlated Source   Xlated Dest   Xlated Port
: Any      Mail Server   25     Original        Mail server   999

Your reply packets are showing source port 999, not 25 as the remote client
is expecting..  You'll need to undo what you've wrought with another NAT
rule that will reverse the translation..  Think of it like you're doing 
static mode NAT, the rules come in pairs.

Is there any particular reason you're running your SMTP listener on 999?  If
you're trying to gain security by obfuscation, you won't get all that far.
Were I to portscan your mail server, and see something listening on 999, 
that would intrigue me enough to telnet to that port and see what pops up.
At that point, your little ruse is over..

-- 
Jason Costomiris <><           |  Technologist, geek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
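
Added example, not part of the original message and not Check Point code: a toy model of the paired-rule point made in the reply, showing why the client rejects the answer when only the forward port translation exists. It assumes each NAT rule rewrites one direction only, as the reply describes; the rule layout, the names FORWARD and REVERSE, the client address and the ephemeral port are constructed, and address translation is left out to keep the port handling visible.

```python
# Toy model of rule-based port translation (constructed example, not FW-1 code).
# Assumption: each NAT rule rewrites one direction only, as the reply describes.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
# m_* fields: None means "Any".  new_* fields: None means "Original".
Rule = namedtuple("Rule", "m_src m_sport m_dst m_dport new_sport new_dport")

MAIL = "mailserver"        # hypothetical object name for the mail server
CLIENT = "198.51.100.7"    # constructed sample client address

FORWARD = Rule(None, None, MAIL, 25, None, 999)   # the rule quoted in the post
REVERSE = Rule(MAIL, 999, None, None, 25, None)   # the partner rule that undoes it


def translate(pkt, rules):
    """Apply the first matching rule, top of the stack first."""
    for r in rules:
        fields = ((r.m_src, pkt.src), (r.m_sport, pkt.sport),
                  (r.m_dst, pkt.dst), (r.m_dport, pkt.dport))
        if all(want is None or want == got for want, got in fields):
            return pkt._replace(sport=r.new_sport or pkt.sport,
                                dport=r.new_dport or pkt.dport)
    return pkt  # no rule matched: packet passes unchanged


def client_accepts(sent, reply):
    """A TCP client only accepts a reply that mirrors the tuple it sent."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (sent.dst, sent.dport, sent.src, sent.sport)


def round_trip(rules):
    """Return (port the server sees, source port the client sees, accepted?)."""
    syn = Packet(CLIENT, 40000, MAIL, 25)      # client connects to port 25
    inside = translate(syn, rules)             # packet as the server receives it
    # The server answers from the port the packet arrived on.
    answer = Packet(inside.dst, inside.dport, inside.src, inside.sport)
    outside = translate(answer, rules)         # packet as the client receives it
    return inside.dport, outside.sport, client_accepts(syn, outside)


if __name__ == "__main__":
    print("forward rule only:", round_trip([FORWARD]))
    print("paired rules:     ", round_trip([FORWARD, REVERSE]))
```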


All contents © 2003 Network Presence, LLC. All rights reserved.