Internal IP exposed


Jennifer

Hi,
I visited http://www.testmyfirewall.com and I received the following
error:

Internal IP Exposed!
192.168.1.23
Missing A Patch?

What is wrong with my firewall? Thanx

#!/bin/bash
ETH_INT=eth0
ETH_EXT=eth1
IP_INT=192.168.1.200
IP_EXT=x.x.x.x
ANY=0.0.0.0/0
NET_INT=192.168.1.0/24
NET_EXT=x.x.x.x

iptables -F
iptables -t nat -F

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

iptables -A INPUT -s $ANY -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -d $ANY -j ACCEPT

iptables -A INPUT -i $ETH_INT -s $NET_INT -d $ANY -j ACCEPT
iptables -A INPUT -i $ETH_EXT -s $ANY -d $IP_EXT -j ACCEPT

iptables -A OUTPUT -o $ETH_INT -s $ANY -d $NET_INT -j ACCEPT
iptables -A OUTPUT -o $ETH_EXT -s $IP_EXT -d $ANY -j ACCEPT

iptables -A FORWARD -d $NET_INT -j ACCEPT
iptables -A FORWARD -s $NET_INT -d $ANY -j ACCEPT

iptables -t nat -A POSTROUTING -s $NET_INT -d $ANY -o $ETH_EXT -j MASQUERADE
 
| Hi,
| I visited http://www.testmyfirewall.com and I received the following
| error:
|
| Internal IP Exposed!
| 192.168.1.23
| Missing A Patch?
|
| What is wrong with my firewall? Thanx


This is a trick done with either scripting or cookies (in this case
scripting) designed to goad you into buying their product. Use your browser's
security settings to disable scripting and go back. If you've made the
proper adjustments you'll see your internal IP is no longer "exposed."

On that line, that your computer has an internal address of 192.168.x.x is
not much of a security risk. The IPs in that range are not Internet routable
and are shared by literally millions of computers. Were someone trying to
target that particular computer behind your WAN IP it would have taken 22
guesses to find it. ;-)

<soapbox> The practice employed by "testmyfirewall.com" and others like them
to trick the unsuspecting user into a purchase is unscrupulous. Any entity
that has to stoop to such tactics to sell their product should be suspect
(as should their products) and IMO avoided as the modern equivalent of
snakeoil salesmen. </soapbox>

--
D

I'm not an MVP a VIP nor do I have ESP.
I was just trying to help.
Please use your own best judgment before implementing any suggestions or
advice herein.
No warranty is expressed or implied.
Your mileage may vary.
See store for details. :)

Remove shoes to E-mail.
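
An added example, not part of the thread: MASQUERADE rewrites only the source address in the packet header, so a 192.168.x.x address can reach a web site only if something in the browser writes it into the request itself. The Python sketch below checks both places; the external address 203.0.113.7, the `localip` parameter and the request lines are constructed for illustration, and how testmyfirewall.com actually reported the address is an assumption.

```python
import ipaddress
import re

# RFC 1918 private ranges: not routable on the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quads that are not part of a longer number or dotted string.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def is_rfc1918(text):
    """True if text is a valid IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return False
    return any(addr in net for net in RFC1918)


def private_addrs_in_payload(payload):
    """Return private IPv4 addresses found in application data, in order."""
    found = []
    for match in IPV4_RE.finditer(payload.decode("latin-1")):
        ip = match.group(1)
        if is_rfc1918(ip) and ip not in found:
            found.append(ip)
    return found


def audit(src_ip, payload):
    """Check one request as seen on the external side of the NAT box."""
    return {
        "header_leak": is_rfc1918(src_ip),  # would mean NAT is not applied
        "payload_leak": private_addrs_in_payload(payload),  # put there by the client
    }


# Constructed sample: source address after MASQUERADE (documentation range).
EXTERNAL_SRC = "203.0.113.7"
# Constructed requests: scripting enabled (address reported back) vs disabled.
WITH_SCRIPT = b"GET /result?localip=192.168.1.23 HTTP/1.0\r\nHost: example.test\r\n\r\n"
NO_SCRIPT = b"GET /result HTTP/1.0\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print("scripting on :", audit(EXTERNAL_SRC, WITH_SCRIPT))
    print("scripting off:", audit(EXTERNAL_SRC, NO_SCRIPT))
```

A private address showing up under `payload_leak` while `header_leak` stays false points at the browser, not at the iptables rules.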
 