Hi guys, we have a router connected to the internet, and our internal network is, say, 192.168.1.0/24, so connections are NATed and that's how we get internet… pretty simple. If I Google "what's my IP" (from my PC), we get the ISP-provided live IP, as you would expect… again, nothing tricky here.
But I noticed that if I use, say, the http://www.grc.com port scanner, all the ports are "closed", not "stealth". So I'm trying to lock down the actual router against intrusions. What's the firewall rule to stop any inbound traffic to the actual router itself?
I gave it a bash, but I'm confused about something…
I thought it would be a rule something like:
if dst ip = (our live ip) and input interface = eth3 and chain = input then drop
But since it's a NATed network, wouldn't all traffic have the dst IP of the live IP? Also, how does it determine the difference between input (traffic to the router) and forward (traffic through the router) when there is a NAT situation… I would have thought it was all input (from the outside perspective).
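The input-versus-forward question above comes down to the order of operations inside the router: connection tracking reverses NAT for replies to known flows before the routing decision, and only then does the router decide whether a packet is for itself (input) or for a LAN host (forward). The following is an added toy model of that packet path, not code from the original post or from any router; the interface name eth3 comes from the post, while the public IP 203.0.113.10, the LAN gateway 192.168.1.1 and the port numbers are constructed examples.

```python
from dataclasses import dataclass

WAN_IF, WAN_IP = "eth3", "203.0.113.10"   # eth3 from the post; IP is an assumption
LAN_IF, LAN_IP = "eth1", "192.168.1.1"    # assumed LAN side of the router
ROUTER_ADDRS = {WAN_IP, LAN_IP}

@dataclass(frozen=True)
class Packet:
    in_if: str
    src: str
    sport: int
    dst: str
    dport: int

# Connection-tracking table built by outbound LAN traffic:
# (remote_ip, remote_port, public_port) -> (lan_ip, lan_port)
conntrack: dict[tuple[str, int, int], tuple[str, int]] = {}

def lan_egress(p: Packet) -> int:
    """A LAN client opens an outbound flow; record the masquerade mapping and
    return the public source port the router uses for it (simplistic allocation)."""
    public_port = 40000 + len(conntrack)
    conntrack[(p.dst, p.dport, public_port)] = (p.src, p.sport)
    return public_port

def classify(p: Packet) -> str:
    """Classify an arriving packet as 'INPUT:DROP', 'INPUT:ACCEPT' or 'FORWARD'.
    Step 1 (prerouting): if the packet is a reply to a tracked flow, un-NAT it,
    i.e. rewrite the destination back to the LAN client. Step 2 (routing
    decision): a destination that is one of the router's own addresses goes to
    the input chain, anything else goes to the forward chain."""
    key = (p.src, p.sport, p.dport)
    if key in conntrack:                       # established flow -> reverse NAT
        lan_ip, lan_port = conntrack[key]
        p = Packet(p.in_if, p.src, p.sport, lan_ip, lan_port)
    if p.dst in ROUTER_ADDRS:                  # "to me" -> input chain
        # The rule from the post: in-interface=eth3, chain=input, action=drop.
        # Only unsolicited packets still carry the public IP at this point, so
        # DROP here silences them (GRC "stealth") without touching LAN replies.
        return "INPUT:DROP" if p.in_if == WAN_IF else "INPUT:ACCEPT"
    return "FORWARD"                           # "through me" -> forward chain

if __name__ == "__main__":
    port = lan_egress(Packet(LAN_IF, "192.168.1.20", 51515, "198.51.100.5", 80))
    print(classify(Packet(WAN_IF, "198.51.100.5", 80, WAN_IP, port)))     # FORWARD
    print(classify(Packet(WAN_IF, "198.51.100.99", 5555, WAN_IP, 22)))   # INPUT:DROP
```

Note the difference between dropping and rejecting: DROP sends nothing back, which is what the scanner reports as "stealth", whereas a reject (or a closed port with no rule) answers with an RST or ICMP error and shows up as "closed".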