One of the happiest moments in anybody’s life, and I’m gifted twice. Today I became the proud father of yet another angel; she is all cute and tiny.
Little did I know that I was in for a surprise after fighting with the whole family that I need a baby girl, yeah, another one, and everyone turned me down saying it is going to be a baby boy.
Chinese calendar, chain swirling test, all that crap went wrong and I got what I wanted, well, we got what we wanted (myself and my Rose).
If one is skilled enough, there are many things to be achieved, but does it get one to the best place one can be?
Well, more than skill, teamwork proves to be the BEST at times.
Now think of a team that is equally skilled and able to work as a team. Well, that is what we call:
‘A High Performing Team’
Watch for the last stunt they perform. I bet you will see this again!
It is not unusual to do a static port map on a PIX or ASA, using the IP address assigned to the outside interface to map different services inside your network, something like this:
static (inside,outside) tcp 1.1.1.2 www 10.10.10.2 www netmask 255.255.255.255
static (inside,outside) tcp 1.1.1.2 smtp 10.10.10.3 smtp netmask 255.255.255.255
static (inside,outside) tcp 1.1.1.2 domain 10.10.10.4 domain netmask 255.255.255.255
static (inside,outside) udp 1.1.1.2 domain 10.10.10.4 domain netmask 255.255.255.255
It could be either the IP address on the outside interface or another available public IP address. Now the problem here is: how do you allow ping to these servers?
The first line maps HTTP traffic arriving at 1.1.1.2 and redirects it to 10.10.10.2, a machine on the inside LAN. Now, if I want PING to work for the server 10.10.10.2 from anybody on the Internet, how do I do that?
I’m afraid the answer is ‘You Can’t’. The reason being, there is no 1-1 mapping.
The normal scenario where you can do this is when you do a Static NAT instead of a Static PAT, as below:
static (inside,outside) 1.1.1.2 10.10.10.4 netmask 255.255.255.255

access-list Outside-In permit tcp any host 1.1.1.2 eq www
access-list Outside-In permit icmp any host 1.1.1.2 echo

access-group Outside-In in interface outside
If you guys know that it can be done in any other way, lemme know as well.
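The difference between the two cases can be checked mechanically. The script below is an added example, not part of the original post: it reads 'static' and 'access-list' lines and reports, for each address that an ACL permits ICMP to, whether a one-to-one static NAT exists to carry the echo to an inside host. The sample configuration is constructed from the post's addresses; 1.1.1.3, 1.1.1.9 and 10.10.10.5 are hypothetical additions.

```python
import re

# Constructed sample: the post's static PAT lines, plus a hypothetical
# one-to-one static NAT (1.1.1.3 -> 10.10.10.5) and an unmapped address.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 1.1.1.2 www 10.10.10.2 www netmask 255.255.255.255
static (inside,outside) tcp 1.1.1.2 smtp 10.10.10.3 smtp netmask 255.255.255.255
static (inside,outside) udp 1.1.1.2 domain 10.10.10.4 domain netmask 255.255.255.255
static (inside,outside) 1.1.1.3 10.10.10.5 netmask 255.255.255.255
access-list Outside-In permit icmp any host 1.1.1.2 echo
access-list Outside-In permit icmp any host 1.1.1.3 echo
access-list Outside-In permit icmp any host 1.1.1.9 echo
"""

def parse_statics(config):
    """Split 'static' lines into NAT {mapped: real} and PAT {mapped: [entries]}."""
    nat, pat = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "static":
            continue
        if tok[2] in ("tcp", "udp"):
            # static PAT: proto mapped_ip mapped_port real_ip real_port
            if len(tok) >= 7:
                pat.setdefault(tok[3], []).append((tok[2], tok[4], tok[5], tok[6]))
        else:
            nat[tok[2]] = tok[3]  # static NAT: mapped_ip real_ip
    return nat, pat

def icmp_findings(config):
    """Map each destination of a 'permit icmp ... host X' entry to (verdict, detail)."""
    nat, pat = parse_statics(config)
    findings = {}
    for line in config.splitlines():
        # Greedy '.*' makes the captured address the one after the last 'host'.
        m = re.match(r"\s*access-list \S+ permit icmp .*\bhost (\S+)", line)
        if not m:
            continue
        dst = m.group(1)
        if dst in nat:
            findings[dst] = ("forwarded", nat[dst])
        elif dst in pat:
            ports = ", ".join(f"{proto}/{port}" for proto, port, _, _ in pat[dst])
            findings[dst] = ("not-forwarded", f"only {ports} are mapped")
        else:
            findings[dst] = ("no-static", "")
    return findings

if __name__ == "__main__":
    print(icmp_findings(SAMPLE_CONFIG))
```

A "not-forwarded" verdict marks an ICMP permit that looks as if it exposes a server to ping but has no translation behind it.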
Oh well, if you’re more used to IPTables than any normal firewall software, then of course you’re gonna need that for your Windows machine as well. Nothing wrong with that; the interesting stuff here is the technology, really, and not who made it, if it works well.
Windows IP Firewall (WIPFW) is an open source project that gives you exactly that.
Check out their page here
WHAT IS WIPFW?
WIPFW is an MS Windows operable version of IPFW for FreeBSD OS. You can use the same functionality and configure it just as you would with IPFW.
IPFW is a packet filtering and accounting system which resides in kernel mode, and has a user-land control utility, ipfw. Together, they allow you to define and query the rules used by the kernel in its routing decisions.
There are two related parts to ipfw. The firewall section performs packet filtering. There is also an IP accounting section which tracks usage of the router, based on rules similar to those used in the firewall section. This allows the administrator to monitor how much traffic the router is getting from a certain machine, or how much WWW traffic it is forwarding, for example.
As a result of the way that ipfw is designed, you can use ipfw on non-router machines to perform packet filtering on incoming and outgoing connections. This is a special case of the more general use of ipfw, and the same commands and techniques should be used in this situation.
And one more important piece of info would be;
Q: What's the difference between WIPFW and IPFW?
A: Now WIPFW is unable to change packets' content, so it is impossible to redirect packets. Also WIPFW has no traffic shaper. In the future WIPFW will be using an NDIS driver which will allow all abilities.
Albert Einstein on Gandhi: "Generations to come, it may be, will scarce believe that such one as this ever in flesh and blood walked upon this earth".
Mahatma Gandhi said:
"An eye for an eye will only make the whole world blind"
"I have nothing new to teach the world. Truth and Non-violence are as old as the hills"
Dr. Martin Luther King, Jr. on Gandhi: "…If humanity is to progress, Gandhi is inescapable. He lived, thought, acted and inspired by the vision of humanity evolving toward a world of peace and harmony…"
Some of it good, I hope; to all generations despite the arguments by the way Indian Independence is dealt with, achieved and where we stand today…