Shorewall users - Sep 2004 - lan addreses visible

Where is the documentation on stopping addresses of machines on a Lan 
being visible to scanning s/w when masquerading through a firewall.
tnx
Richard

On Thursday 02 September 2004 11:07, richard wrote:
> Where is the documentation on stopping addresses of machines on a Lan
> being visible to scanning s/w when masquerading through a firewall.
Usually, setting the ''norfc1918'' option on your external
interface is all you
need.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Thursday 02 September 2004 12:28, richard wrote:
> Tom Eastep wrote:
> > On Thursday 02 September 2004 11:07, richard wrote:
> >>Where is the documentation on stopping addresses of machines on a
Lan
> >>being visible to scanning s/w when masquerading through a firewall.
> >
> > Usually, setting the ''norfc1918'' option on your
external interface is all
> > you need.
> >
> > -Tom
>
> Thanks Tom , I was a bit warey of using that as the first router up line
>   is 10.48.0.1, but sitting it does not seem to stop wanted incoming
> traffic.
You can always add an exception record for 10.48.0.1 in your rfc1918 file 
(copy /usr/share/shorewall/rfc1918 to /etc/shorewall and modify it).

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key