
I am on a 192.x.x.x network and have a local server that hosts some webapps for the local users of the network. The server is running:

  • Ubuntu
  • VPN
  • Nginx Reverse Proxy with the site.conf including: allow 192.168.1.0/24; deny all;
  • Locally generated SSL certificates, with root keys installed on client machines

When I run nmap -A -p- against my local IP address I get a variety of open ports that correlate with the reverse proxy or the OS (ssh, cupsd, etc.). When I do the same nmap against the public IP that the VPN uses, I only get two open ports, 59 and 8989.

Is it possible for an attacker to get to the local server from outside the network? Is there anything else I can do to limit the exposure of this machine? I only really need internet connectivity to update the OS on this particular machine.

1 Answer


Just based on your information it does not look like direct access from outside is possible. But due to how routers and the firewalls on these routers work, scanning the external IP address from inside might give different results from scanning the external IP address from outside.

And even scanning from a specific outside location might not give reliable results: routers/firewalls might employ strategies to detect and limit scanning, they might give access only to specific IP addresses, there might be port knocking or similar employed as access control, etc. So better check the actual rules on your router and don't treat it only as a black box.

That said, even if direct access from outside is not possible, there might be indirect access: if a user on your network uses their browser to access an external attacker-controlled web site, this page might initiate access to internal servers. For more on this see Should web applications that are only accessible from a LAN be held to the same security standards as publicly accessible websites? and Can websites access computers in LAN/Localhost through browser & how to block them?

Steffen Ullrich