How to configure system-config-securitylevel-tui to permit only the internal LAN to access my ADSL router?

Alexander Dalloz ad+lists at uni-x.org
Thu Nov 18 02:18:25 UTC 2004


On Thu, 18.11.2004 at 3:01, Vinicius wrote:

> In the scenario below, does an ADSL modem (router) generally default
> to denying access to the ports 21, 23 and 80, please?
> 
> TIA, Vinicius.
> 
> ------------
> |          |
> | Internet |
> |          |
> ------------
>        |
> --------------
> | Public IP  |
> --   ---    --
> |            |
> | M. ADSL    |
> |            |
> --   ---    --
> | Private IP |
> --------------
>      |
> ------------
> |          |
> | Private  |
> | Network  |
> |          |
> ------------
> 
That depends. I suspect it is a hardware router - previously I thought you
were talking about a PC running Fedora. So, if you don't let the router
forward the ports 21 (FTP), 23 (Telnet) and 80 (HTTP) to an internal
host, then why should it accept connections on these ports from the WAN
side? Administration should be done from internal, from the LAN port
connections. Probably Telnet and HTTP are open to allow administration
either by a telnet connect with a terminal or by using a browser. Close
it for the WAN side (Internet) as it is insecure. Don't know what the
open port 21 could be useful for (firmware upload?).

In short: if the router does not forward incoming traffic to LAN hosts -
i.e. a webserver on a LAN host - then it is proper that the router
denies connections on the ports you spoke about.

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.8-1.521smp 
Serendipity 03:16:00 up 5:01, 16 users, 0.09, 0.31, 0.40 
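
Added example, not part of the original message: one way to check, from a host on the Internet side, whether your own router answers on the three ports discussed above. The function names, the timeout and the command-line usage are assumptions made for this example.

```python
import socket
import sys

# Ports discussed in the thread.
ADMIN_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: a service answers
    except ConnectionRefusedError:
        return "closed"      # RST came back: reachable, nothing listening
    except OSError:
        return "filtered"    # timeout or ICMP unreachable: packets dropped
    finally:
        sock.close()


def audit_wan_side(host, ports=ADMIN_PORTS, timeout=3.0):
    """Return ({port: state}, sorted list of ports that accept connections)."""
    states = {p: probe(host, p, timeout) for p in ports}
    exposed = sorted(p for p, s in states.items() if s == "open")
    return states, exposed


if __name__ == "__main__":
    # Assumption: argv[1] is the public address of your own router and the
    # script runs from outside the LAN (a LAN-side run tests the wrong side).
    if len(sys.argv) != 2:
        sys.exit("usage: wan_check.py <router-public-address>")
    states, exposed = audit_wan_side(sys.argv[1])
    for port, state in sorted(states.items()):
        print(f"{port:>5} {ADMIN_PORTS.get(port, '?'):<7} {state}")
    if exposed:
        print("Reachable from the WAN side:", exposed)
        sys.exit(1)
```

A result of "closed" or "filtered" on all three ports matches the behaviour described in the reply; "open" on 23 or 80 usually means the router's administration interface is exposed to the WAN side.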