[clug] How to prevent port forwarding
steve jenkin
sjenkin at tip.net.au
Sun Apr 23 03:41:28 GMT 2006
Christopher Zhang wrote on 22/4/06 11:09 PM:
> Hi,
>
> I am interested to find out if it is possible, if so, how, that some
> ISPs prevent 1 registered Internet user to distribute their Internet
> connection by running their computer as a gateway for other users to
> route through. The closest thing I can think of is TTL, since if other
> hosts are routed through the legitimate host, then their TTL will be
> at least be 1 less than if it were coming from the legitimate host,
> without any artificial changes. Is this a plausible way for ISPs ? Can
> anyone show me some iptables commands that the ISPs would do? and also
> how can I change my TTLs and so on.
>
> Thanks
>
> Chris
> --linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
>
>
I would've thought that devices behind a NAT'ing firewall would be
invisible by definition:
- there is no route to them, they are in a private world.
The external IP nr of the firewall is the only point that can be
reached by tools like traceroute
- There is no TTL difference. The firewall does not relay/rewrite by
packet, but by connection.
- There is no host identifier - all internal IP's are mapped onto the
one external...
cheers
steve
--
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA
sjenkin at canb.auug.org.au http://www.tip.net.au/~sjenkin
More information about the linux
mailing list