Tugger the SLUGger! SLUG Mailing List Archives

[chat] Please pick this apart


I have just written this up for a newbie answer on masquerading. Do I get full marks, or did I stuff it up somewhere? I put this in the public domain (just in case it is the best thing since sliced bread).

When you communicate with another machine you have four parts to the address: two IPs and two port numbers. The IP for Telnet MUST be known (how else would you establish your session?), so to establish a session to charlie we get IP 138.25.9.2 and port 21. From the firewall box I use 203.1.1.1 (dummy external IP) and a port number, say 1044, that is assigned by my computer when I establish the socket. Charlie's Telnet knows which port I came from because I am starting the session, so it knows how to get back to me. So charlie sends messages to IP 203.1.1.1 port 1044 and I see the response as defined by the telnet application (it prints it to the screen).

Stage II: masquerade. Internal 192.168.1.2 port 1033 tries to connect to 138.25.9.2 port 21. It is outside my network, so it uses my default gateway 192.168.1.1. The default gateway has complex logic on it that then changes the IP address to its external address 203.1.1.1 and dynamically creates a port for it, say 5021. It creates a table entry saying anything in on port 5021 goes to 192.168.1.2 port 1033. So when traffic comes back on port 5021 it simply looks at the port and substitutes the original IP 192.168.1.2 and port 1033. As far as my workstation is concerned it is getting it directly from charlie, because that is what it sees; as far as charlie is concerned it is getting it directly from my firewall 203.1.1.1, because that is what it sees.

This is all smoke and mirrors normally. You take a software solution, plop it in, and it does this; you just set up the routing rules and say NAT (name and address translation) or Masquerade in the options. Is this a firewall? Yes, because traffic allowed in to my workstation only gets there if I set up an outwards connection first. In order to attack my workstation I have to talk to you first. In order to be a proper firewall there are a few other things to consider as well; no point having a vanilla Windows 95 firewall with redirection software, it is too easy to crack.
You must run ZoneAlarm, or better yet run Linux :-)
Firewalls are an advanced subject; I can only give you a beginner's guide.
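The port-translation table the post describes, as an added illustration that is not part of the original message: a small Python simulation of the gateway's masquerade table, using the post's addresses (192.168.1.2:1033 inside, 203.1.1.1 outside, 138.25.9.2:21 as charlie, 5021 as the dynamically chosen port). The class and function names are invented for this example; it also shows the "firewall" side of the post's argument, since an inbound packet with no table entry is simply dropped.

```python
from dataclasses import dataclass

EXTERNAL_IP = "203.1.1.1"  # the gateway's external address from the post


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Masquerader:
    """Port-based masquerading table as described in the post (constructed example)."""

    def __init__(self, external_ip=EXTERNAL_IP, first_port=5021):
        self.external_ip = external_ip
        self.next_port = first_port
        self.table = {}    # external port -> (internal ip, internal port)
        self.reverse = {}  # (internal ip, internal port) -> external port

    def outbound(self, pkt):
        """Rewrite an internal host's packet so it appears to come from the gateway."""
        key = (pkt.src_ip, pkt.src_port)
        port = self.reverse.get(key)
        if port is None:                 # first packet of this session: allocate a port
            port = self.next_port
            self.next_port += 1
            self.table[port] = key
            self.reverse[key] = port
        return Packet(self.external_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Rewrite a reply back to the internal host, or return None (dropped) if nothing inside asked for it."""
        if pkt.dst_ip != self.external_ip:
            return None
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            return None                  # unsolicited traffic: no session created this mapping
        ip, port = entry
        return Packet(pkt.src_ip, pkt.src_port, ip, port)


def demo():
    """Walk the post's scenario: outbound rewrite, the reply, and a stray unsolicited packet."""
    nat = Masquerader()
    out = nat.outbound(Packet("192.168.1.2", 1033, "138.25.9.2", 21))
    reply = nat.inbound(Packet("138.25.9.2", 21, EXTERNAL_IP, out.src_port))
    stray = nat.inbound(Packet("138.25.9.2", 21, EXTERNAL_IP, 6000))
    return out, reply, stray
```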