How to upgrade Cisco 675 with linux?-update

Matt Pruett plug-discuss@lists.plug.phoenix.az.us
17 Jun 2002 22:32:26 -0700


Well, due to the nature of how this sort of NAT works, you're not going to
get past the 678 from the outside unless there is a forwarding rule of
some sort. I.e., if you forward port 22 (ssh), the only thing that will hit
your Linux firewall is everything coming in on 22. This is because it's
working by tracking the origin of the outbound connection and then explicitly
allowing the associated inbound traffic. Except with 22, which is working
in the opposite fashion. This is why you are not getting any suspicious
port accesses on your Linux firewall. Just make sure your 678 is
secure. :)

On Mon, 2002-05-13 at 22:51, Michael Wittman wrote:
> On Mon, May 13, 2002 at 05:08:12PM -0700, Eric Richardson wrote:
> > Is anybody using the filtering, NAT, DHCP with cisco and what features 
> > for the Linux firewall. Maybe this is better for another thread.
> 
> I'm using NAT on my 678.  The default NAT settings seem to drop
> incoming TCP connection packets, so I haven't even bothered to use
> filtering.  I assume UDP is dropped as well, based on my (Linux)
> firewall logs.  I've had to explicitly map some ports on the router to
> ports on my Linux box so I could use services like ssh.
> 
> When I was using dialup, I probably had 30 suspicious port access
> attempts logged per month on my Linux firewall.  With the 678, using
> the same Linux firewall rules, I don't think I've seen a single one.
> 
> -Mike
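
The behaviour discussed in this thread, as an added example that is not part of the original messages: a minimal Python model of a port-translating NAT with one forwarding rule, showing which inbound packets ever reach the inside firewall. All addresses and ports are constructed samples, and matching replies on the exact remote address and port is an assumption of the model, not a documented property of the 678.

```python
# Added illustration: a minimal model of port-translating NAT with one
# static forwarding rule. All addresses and ports are constructed samples.
from dataclasses import dataclass, field


@dataclass
class Nat:
    public_ip: str
    # (proto, public_port) -> (inside_ip, inside_port)
    forwards: dict = field(default_factory=dict)
    # (proto, public_port) -> (inside_ip, inside_port, remote_ip, remote_port)
    sessions: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection: record state, rewrite the source."""
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, pub_port)] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Packet arrives on the public side: inside target, or None if dropped."""
        key = (proto, dst_port)
        sess = self.sessions.get(key)
        # Assumption: a reply must come from the exact remote endpoint contacted.
        if sess and sess[2:] == (src_ip, src_port):
            return sess[:2]              # reply to a tracked outbound connection
        if key in self.forwards:
            return self.forwards[key]    # explicit forwarding rule (e.g. ssh)
        return None                      # unsolicited: never reaches the firewall


def demo():
    nat = Nat("203.0.113.10", forwards={("tcp", 22): ("10.0.0.2", 22)})
    _, pub_port, _, _ = nat.outbound("tcp", "10.0.0.2", 51000, "198.51.100.7", 80)
    return {
        "reply": nat.inbound("tcp", "198.51.100.7", 80, pub_port),
        "other_host_same_port": nat.inbound("tcp", "192.0.2.99", 80, pub_port),
        "unsolicited_telnet": nat.inbound("tcp", "192.0.2.99", 33000, 23),
        "ssh_forward": nat.inbound("tcp", "192.0.2.99", 33001, 22),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22s} -> {result or 'dropped at router'}")
```

In this model the forwarded port is the only inbound path that does not depend on prior outbound state, so it is the one place the inside firewall's logs and the service's own hardening still matter.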