NAT Reflection Pure NAT quick question

xlameee

Hello

Just a quick question to make sure I haven't compromised my security.

Just installed MINIO and assigned hostname to its IP, but because I minio need to be accessed by port 9000 like minio.domain.ltd:9000 and one of the applications I am running required to create a CNAME pointed to minio domain, but CNAME cannot to pointed to domain with port I had to create a Port Forward Rule

Interface: MINIO_VLAN
Protocol: TCP
Source Address: ANY
Source Port : ANY
Destination Address: "The IP of the MINIO"
Destination Port: HTTP
Redirect target IP: "The IP of the MINIO"
Redirect target port: 9000

NAT reflection: Pure NAT
Filter rule association: "I left it as it is was create"

Is this rule open port to outside that can be exploit ?

Thank you

DaddyGo

@xlameee said in NAT Reflection Pure NAT quick question:

Is this rule open port to outside that can be exploit ?

Hi,

Every port you open on the firewall compromises the security of your infrastructure...

yet often inevitable

what I would advise you that, you are not the only one who knows the basic ports of known applications, the scanners know them well

whenever possible configure the application for a non-basic port, drop the port to 40-50K range

Forget http if possible and go to https - or use a proxy