Internal IP exposed

Hi,
I visited http://www.testmyfirewall.com and I received the following
error:


Internal IP Exposed!
192.168.1.23
Missing A Patch?


What is wrong with my firewall? Thanx


#!/bin/bash
ETH_INT=eth0
ETH_EXT=eth1
IP_INT=192.168.1.200
IP_EXT=x.x.x.x
ANY=0.0.0.0/0
NET_INT=192.168.1.0/24
NET_EXT=x.x.x.x


iptables -F
iptables -t nat -F


iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP


iptables -A INPUT -s $ANY -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -d $ANY -j ACCEPT


iptables -A INPUT -i $ETH_INT -s $NET_INT -d $ANY -j
ACCEPT
iptables -A INPUT -i $ETH_EXT -s $ANY -d $IP_EXT -j
ACCEPT


iptables -A OUTPUT -o $ETH_INT -s $ANY -d $NET_INT -j
ACCEPT
iptables -A OUTPUT -o $ETH_EXT -s $IP_EXT -d $ANY -j
ACCEPT


iptables -A FORWARD -d $NET_INT -j ACCEPT
iptables -A FORWARD -s $NET_INT -d $ANY -j ACCEPT


iptables -t nat -A POSTROUTING -s $NET_INT -d $ANY -o $ETH_EXT
-j MASQUERADE

On 2005-03-11, Jennifer <(E-Mail Removed)> wrote:
> What is wrong with my firewall? Thanx

Which firewall? Basically you've opened everything from everywhere to
everywhere.

Davide

--
Why doesn't DOS ever say "EXCELLENT command or filename!"

You're right, the thing that doesn't work is the IP masquerading.
Why my internal IP is exposed?

Jennifer wrote:
> You're right, the thing that doesn't work is the IP masquerading.
> Why my internal IP is exposed?

before you worry that much , can we reach you , if you have webserver
launch
http://yourpublicip/yourprivateip
?
(if you do not mind to tell us your public ip)
(if that expression is not correct(any advancer please correct), can
we(outsider) reach you anyway by knowing your public ip and private ip?
)

eric

Jennifer wrote:
> You're right, the thing that doesn't work is the IP masquerading.
> Why my internal IP is exposed?
>

It's probably java on your browser that tells the site your internal IP.

Andy.

I disabled the script execution of Java applets in my browser (Internet
Security tab), but the problem persists.

I launched http://mypublicip/myprivat*eip and I had "Page not found"
(I have IIS5 running).

I'd like to know if you see anything wrong in my "firewall
configuration" in regard to masquerading, or if it is OK.

Thanks all

In article <(E-Mail Removed) .com>,
"Jennifer" <(E-Mail Removed)> writes:
> I disabled the script execution of Java applets in my browser (Internet
> Security tab), but the problem persists.

Are you sure? AFAICT the java applet is downloaded by javascript, so if
either is turned off the page should not work at all. Do you need to
restart your browser or something after making that change?

The java applet appears to open a connection to www.testmyfirewall.com on
port 80 (I deduce this from the fact that browser proxy settings are
ignored for this connection). However although the "internal IP exposed"
message comes up, tcpdump does not show it being passed over that
connection; instead it goes out as a parameter in the next request,
which includes a cookie.

In other words it's finding your IP address out locally and sending it in
a legitimate HTTP GET request. Maybe there is some personal firewall thing
that would guard against that one, but iptables won't.

HTH

--
Peter Greenwood (E-Mail Removed)
http://www.pgid.co.uk
+44 1253 821678

In comp.os.linux.networking Jennifer <(E-Mail Removed)>:
> Hi,
> I visited http://www.testmyfirewall.com and I received the following
> error:

Tried it out, other then crashing mozilla it didn't do anything,
with another browser it worked, but alas no output other then:

Any Spyware will appear below.
Test Complete

...... Nothing ....

> What is wrong with my firewall? Thanx

Looks to me as if you'd allow anything, strictly speaking you
don't have a firewall as you allow anything.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 445: Browser's cookie is corrupted -- someone's
been nibbling on it.

"Jennifer" <(E-Mail Removed)> wrote in news:1110529191.025168.219480
@g14g2000cwa.googlegroups.com:

> I visited http://www.testmyfirewall.com and I received the following
> error:
>

If this is like the other sites I've seen claiming that, the sites are
using client side things like Java and/or Active X controls to get the
information and display it, making you think they know it. In theory,
the applet could send the information back out to them. I tested this by
running IE (6 SP2, fully patched) on a similar site and got back my
internal IP. I then took Firefox 1.0 and got back nothing. If their
webserver could really tell you the private IP, it wouldn't matter what
browser I used.

Indeed, I just ran their site on my workstation here in the office and my
laptop (on separate networks, even), and my private IPs were never
exposed with Firefox 1.0.1 or IE6 SP2. In all cases, there is no active
X enabled, no Java Runtime, and they can't tell me anything. They appear
to be playing with scare tactics.