Topic: Firewall Test

[Jehu]

I went to this site www.pcflank.com and I could not believe it when I did a test on the e-smith box.
The test was about to reveal my ip address, to my surprise the website showed my internal ip address 192.168.x.x I was shocked. I thought the whole idea of this e-smith firewall was to hide my internal ip address.
Does anyone know why this happened?

Thanks,
Jehu.

[Dan Brown]

No, I don't know how that happened; I just tried that site and it recognizes my correct external IP address for both the quick test and the advanced port scanner.  I don't know how they would find your internal IP address, but I also don't see that it's really a problem.

Now, a brief editorial comment: is that site run by the Personal Firewall Marketing Association?  Really, I think the statement that "It is urgent that you install personal firewall software" simply because your machine is visible to the 'net (that is, all ports aren't stealthed) is a _little_ too strong...

[Bill Talcott]

It worked fine here as well. Try the ShieldsUp! scanner at grc.com as well. While pcflank.com seems to be geared more toward a home PC directly connected and running a software firewall, Steve Gibson's just lists what ports are open, and what they're generally used for. You should get a lot of open ports when you scan the SME, since it is a server made for running those services...

[gs]

squid configuration file:
http_x_forwarded _for
forwarded_for off

[Jehu]

I read your answer in the forum but I am not sure what it means.
Can you please explain it please.  I am a little new to Linux.  Where is this file and do I need to edit this file.

Thanks,
Jehu.

[Jehu]

Hey, I searched the forum and found this thread. http://www.e-smith.org/faq.php3#8q31
After doing this I went back to that website and it now shows my external ip address like it should.

Thanks for all the help,
Jehu.

[Duncan]

Dan Brown wrote:
 
> Now, a brief editorial comment: is that site run by the
> Personal Firewall Marketing Association?  Really, I think the
> statement that "It is urgent that you install personal
> firewall software" simply because your machine is visible to
> the 'net (that is, all ports aren't stealthed) is a _little_
> too strong...

Agreed, most of these sites are crap (i actually saw one once start scanning someone else thinking it was me and then told me i was open to the world) or are run by some seriously paranoid people i.e Steve Gibson.

With respect to the original post (and this has been said many times before), if you think you have a security issue let the guys at Mitel know privately. It does no one any good if say for instance you actually do find a security issue and then proceed to tell the world about it by posting it on an open forum.

If you think there is an issue with respect to your browser requests broadcasting your private ip addresses to the internet consider this. Every time you make a request to the internet you tell the world so much about your self ie what screen resolution you are running, what type of browser you are using and much much more. Also if a hacker where to get thru your firewall they would have your private network range in about 2 seconds flat.

Finally, although turning off transperent proxy might solve your problem it does in fact serve a useful purpose where by it forces all users on the lan to use the proxy whether they want to or not. This allows (amongst other things) for monitoring of website visits or access control to various undesirable websites etc.

Regards Duncan