Mailing Lists: Apple Mailing Lists


Re: Gone paranoid: private IP to public IP!!



On Saturday, June 29, 2002, at 10:10 AM, Jason wrote:

> Well, if you're really concerned, start using NAT. Then you can open only
> those ports that you want to have open. It might ease your mind a great
> deal.

I'm already using NAT. My MOSXS box nat's all my network users, so the only two machines visible to my ISP are the Cisco router and my server. That's why I didn't immediately realize that they had changed the Cisco's IP and the ones it provides to my network (even though I only use one, it provides more than that), because on a general basis I only work with the network IPs, the nat'ed ones, and hardly ever bother about the Cisco provided ones. In my original post I said that my connection to the Internet was nat'ed around three times, if my suspicions were correct. And by saying that I was counting the first and obvious nat'ing done by my ISP when providing a 10.x address, plus a suspected second one already at their premises, plus the third one I perform here, "in situ". Because of all that masquerading it was practically impossible to get to my network, but now that I have public IPs the situation is quite different. My hosts are still nat'ed by my server, but the server itself is visible to the whole world so I'm really concerned about its security. Even though the Cisco router itself blocks many, if not all, of the incoming ports, I would like to be more handy at maintaining my server's integrity. And that involves being on top of possible open holes in a default installation of Mac OS X Server 10.1 with all the software updates that ever showed up at the app applied.

But following your suggestion, how could I keep track of the ports the nat daemon keeps open in order to forward traffic to my masqueraded hosts? What control could I have over these? I don't want to make my server the most secure machine on the internet only to find out that an intruder got through one of nat's open ports and busted one of my network hosts, or all the network for that matter... !!


> I'd also make sure that your SMTP server is not an open relay (if you're
> running one.)


I'm not running mail servers for now, so that's not a concern. I will be getting to that crossroad shortly but I'm already preparing myself for it.

Thanks for your suggestions. Sincerely,...


Juan.
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.
