Ping a Specific Port

Question

Daniel W.

Asked: 2013-06-01 04:13:53 +0800 CST2013-06-01 04:13:53 +0800 CST 2013-06-01 04:13:53 +0800 CST

allowing forwarding on a root server, security risk?

772

Having a root server without iptables rules (I know this is not good, it's just temporary tho in my case), and having configuration like this (for VPN reason):

echo 1 > /proc/sys/net/ipv4/ip_forwarding

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

Does this include that any host is able to abuse my root server, use it as a router or forward traffic through it in any way?

1 Answers

Voted

Hauke Laging · Answer 1 · 2013-06-01T04:25:03+08:00

Best Answer

Hauke Laging

2013-06-01T04:25:03+08:002013-06-01T04:25:03+08:00

No. Only hosts on the same (physical or virtual) link can do that. The reason is that you must create a layer 2 (e.g. Ethernet) packet which is aimed at your system but contains an IP target address which is not that of your system.

Hosts which need at least one gateway to reach your system need the help of at least one (maybe all, depending on the circumstances) of these gateways to get this done.

1

allowing forwarding on a root server, security risk?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?