I'm not a newbie to firewalls or networking, but I don't have a degree in them either. I noticed something interesting just now, and I hoped someone could explain this.
I was configuring a fairly simple firewall for my home server, which is behind a NAT router. Since it is a mail server, I needed to open port 25, as well as local ports. Take a look:
(This is a rule on the input table on Iptables, and in plain english):
If protocol is TCP and destination is 192.168.2.196 and input interface is eth0 and destination port is 1024:65535 and source port is 25, Accept.
I was thinking about this, and this basically means as long as the person making the request forges it so that their request comes from port 25, they can basically access any non-service port on my server, right?
Is that possible?
Thanks