Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: steve on March 21, 2002, 01:35:33 AM

Title: turn off web proxy
Post by: steve on March 21, 2002, 01:35:33 AM

Any way to turn of the transparent proxy in SME 5.1.2??
I do not want my internal IP information going out to whoever wants it.
This is a security risk.
According to Microsoft (of all people),
"If an attacker identifies the internal address space of you network, the attacker can attempt an IP spoofing attack by sending to your network packets with a source address from the internal network."

It is not a good idea to give out all of this info.

see this link for more info

http://forums.contribs.org/index.php?topic=12931.msg48735#msg48735


-steve

Title: Re: turn off web proxy
Post by: Jon Blakely on March 21, 2002, 02:36:14 AM

Read

http://www.e-smith.org/faq.php3#8q31

It explains all.

Jon

Title: Re: turn off web proxy
Post by: steve on March 21, 2002, 03:27:47 AM

Thanks Jon,
I will give it a try when I get home.

steve

Title: Re: turn off web proxy
Post by: Dubois on March 21, 2002, 05:34:17 AM

Why is this enabled by default then?  Should I also turn this off?  I am now a bit concerned.

Title: Re: turn off web proxy
Post by: Les Mikesell on March 21, 2002, 07:07:20 AM

Note that the SME /etc/rc.d/init.d/masq script that sets up the ipchains firewalling also turns on the kernel rp_filter source address mechanism so there is not much chance that anyone on the outside can get packets through with an inside source address, no matter how much they know about them.