[CLUE-Tech] proper setup of NAT

Mike lister-clue at gantsfort.com
Mon Aug 2 22:55:26 MDT 2004


All,

The power supply on my firewall recently died so after replacing it I
discovered that my firewall floppy disk was unreadable. I'm using Coyote
Linux.  After remaking the firewall floppy, I had a little trouble
getting the ports open that I wanted (22 and 25). So to debug this I did
a port scan using the site at www.auditmypc.com. In addition to the open
ports it returned this ominous sounding message:

	Notice!, your natted (or real) IP address is 192.168.0.10.
	This information can be used to track your activities.   I
	should not be able to obtain this information if your security
	is properly configured!

Okay, so what do I need to change/add to my iptables so that my real IP
address is hidden? And for background info, I know very little about
iptables. I'm looking for an exact command ;). (I know I should learn
more about iptables but so much to learn in Linux so little
time...sigh...I thought I would be better off getting a ready-made
firewall.)


On another security note, I've gotten a handful of these types of log
messages:

Jul 30 21:20:06 xxx sshd[12529]: Illegal user test from 211.184.226.193
Jul 30 21:20:18 xxx sshd[19500]: User guest not allowed because shell /dev/null is not executable


So someone in China or Korea is trying to log into my machine that is
behind the firewall. I have no user test on this system. I do have a
guest account but as the log says the shell is /dev/null. What is the
purpose of the guest account? Can I safely delete the guest account? Is
there still a risk with user test even though I have no user test? In
short, what should I check or change to make sure these knuckleheads
don't get in? I've recently run chkrootkit and all was okay from that
aspect. Anything else I should check to make sure this box hasn't been
cracked?

Thanks for the help,

Mike
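
An added example, not part of Mike's message: a small triage script for sshd log lines in the format quoted above. It groups username guesses by source address, lists existing accounts that sshd refused, and flags any accepted login coming from an address that was also guessing usernames. The sample log is constructed (documentation-range addresses), and the "Invalid user" and "Accepted ... for ... from" patterns are the wording used by other OpenSSH versions, assumed here to be present on the system.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log lines quoted in the post.
SAMPLE_LOG = """\
Jul 30 21:20:06 xxx sshd[12529]: Illegal user test from 192.0.2.10
Jul 30 21:20:09 xxx sshd[12531]: Illegal user admin from 192.0.2.10
Jul 30 21:20:18 xxx sshd[19500]: User guest not allowed because shell /dev/null is not executable
Jul 30 21:25:40 xxx sshd[19544]: Illegal user oracle from 198.51.100.7
Jul 30 21:26:02 xxx sshd[19560]: Accepted password for mike from 192.168.0.20 port 4711 ssh2
"""

# "Illegal user" is the wording in the post; newer OpenSSH logs "Invalid user".
PROBE = re.compile(r"sshd\[\d+\]: (?:Illegal|Invalid) user (\S+) from (\S+)")
DENIED = re.compile(r"sshd\[\d+\]: User (\S+) not allowed because (.+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")


def triage(log_text):
    """Return (probes, denied, accepted, suspicious) for a block of sshd log text."""
    probes = defaultdict(set)  # source IP -> nonexistent usernames it tried
    denied = {}                # existing account -> reason sshd refused it
    accepted = []              # (user, source IP, auth method)
    for line in log_text.splitlines():
        if m := PROBE.search(line):
            probes[m.group(2)].add(m.group(1))
        elif m := DENIED.search(line):
            denied[m.group(1)] = m.group(2).strip()
        elif m := ACCEPTED.search(line):
            accepted.append((m.group(2), m.group(3), m.group(1)))
    # A successful login from an address that was also guessing usernames
    # is the entry to investigate first.
    suspicious = [entry for entry in accepted if entry[1] in probes]
    return dict(probes), denied, accepted, suspicious


if __name__ == "__main__":
    probes, denied, accepted, suspicious = triage(SAMPLE_LOG)
    for ip, users in sorted(probes.items()):
        print(f"{ip}: tried nonexistent users {sorted(users)}")
    for user, reason in denied.items():
        print(f"existing account refused: {user} ({reason})")
    for user, ip, method in accepted:
        print(f"accepted {method} login: {user} from {ip}")
    print("accepted logins from probing addresses:", suspicious or "none")
```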


