
Re: Firewall Question



>This might be in the stupid question department:
>Is it a good idea to tell ipchains to block the Windows Netbios
>protocol from going out on the Internet?

My goodness YES!!!!!  Always, without exception, of course.

>If so, then if I set up a VPN to do Windows shares, will I still be
>able to via the VPN, or will I need to reopen the firewall to
>Netbios traffic?

It depends how you block them.  Block them in and out on the "true" external
interface's IP, and don't block them on the VPN endpoint's IP (you can think of a
VPN connection like a PPP connection, only no modem, no line, etc... just two
IP-numbered endpoints).  If your VPN endpoint is not on your firewall, but an
internal box (best scenario yet) you simply needn't worry because the "true"
interface on the firewall will never know that those packets are smb/cifs
because they're encapsulated in the VPN circuit.

Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW.
Grand Rapids, MI. 49505
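
The approach described in the reply above, as an added example that is not part of the original message: a small shell function that prints ipchains rules denying NetBIOS/SMB in and out on the external interface only, so they can be reviewed before being piped to `sh` as root. It assumes the external interface is named `eth0` (hypothetical) and matches on the interface name rather than its IP address.

```shell
#!/bin/sh
# Added example (not from the original message).
# Prints ipchains rules; nothing is applied until the output is run as root.
#
# Ports covered:
#   137 NetBIOS name service, 138 NetBIOS datagram, 139 NetBIOS session,
#   445 SMB/CIFS directly over TCP/IP.
#
# Rules are bound to the external interface with -i, so traffic on a VPN
# tunnel interface is not matched. If the VPN endpoint is an internal box,
# the firewall only sees the encapsulated packets, which never match these
# port rules either.

netbios_block_rules() {
    ext_if="$1"    # assumption: name of the "true" external interface
    [ -n "$ext_if" ] || {
        echo "usage: netbios_block_rules EXT_IF" >&2
        return 1
    }
    # input catches packets arriving on ext_if; output catches packets
    # leaving via ext_if (forwarded packets pass through both chains).
    for chain in input output; do
        for proto in tcp udp; do
            for ports in 137:139 445; do
                # -d 0.0.0.0/0 PORTS matches any destination address on
                # those destination ports; -l logs each denied packet.
                echo "ipchains -A $chain -i $ext_if -p $proto -d 0.0.0.0/0 $ports -j DENY -l"
            done
        done
    done
}

# Print the rule set for the interface given as $1 (default: eth0).
netbios_block_rules "${1:-eth0}"
```

Review the printed rules, then apply them with `sh thisscript.sh eth0 | sh` as root (the script name is a placeholder).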