Richard Freeman on 30 Dec 2009 07:15:25 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] nmap and port forwarding questions

On 12/30/2009 10:04 AM, Casey Bralla wrote:
> "Filtered" means just what you would think it would mean.  They are blocking
> access to port 5432, so this is undoubtedly why you can't connect.
> Just because you have not activated a firewall on your server does not mean
> that some other firewall is active between you and that server.  I would
> discuss this with your server provider and ask for the firewall to be opened
> up for this port.  (I  caution that this may be a security problem, however.)

You could probably do a traceroute on that port and find out about any 
firewalls in-between.  That assumes that the external firewall doesn't 
interfere with it.

I do agree with the security issues - they would probably be better off 
setting you up with VPN access or an ssh tunnel or something rather than 
forwarding the port through the external firewall.  Otherwise, anybody 
who can spoof your IP can get through, or if your external IP is shared 
by many people they provide a lot more people with access than is 
necessary.  I don't really think that it is good practice to expose 
database servers to anything external.  You want external port openings 
to be minimal, and you want anything on those rules to be meticulously 
kept up to date and audited.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --