From: Rick on 26 Jun 2010 08:24 What ports do I need to forward from a NAT router? Here's what I have so far: FTP: 20-21 mstsc: 3397-3391 FTPS 989-990 VPN: 1701-1723 IKE: 500;nat-t:4500; esp: 50; ssl 443 ?do we need "private": 49151-65535? ?do we need smtp: 25 if we do NOT run an SMTP server? others?
From: iggster on 26 Jun 2010 15:44 On 6/26/2010 8:24 AM, Rick wrote: > What ports do I need to forward > from a NAT router? > > Here's what I have so far: > FTP: 20-21 > mstsc: 3397-3391 > FTPS 989-990 > VPN: 1701-1723 > IKE: 500;nat-t:4500; esp: 50; ssl 443 > ?do we need "private": 49151-65535? > ?do we need smtp: 25 if we do NOT run an SMTP server? > others? > > It depends. Since you mentioned "from a NAT" router, I assume you are not serving any of those an just want to reach those services somewhere. In that case you do not need to forward anything. Moreover your forwarding exposes your computer(s) to attacks. Especially RDC ports. If I am wrong and you do have services inside and want to open them to outside users, then what you open depends on what you service. You should not and I repeat you should not open ports you do not use and protect. So, you should not open open the SMTP port if you do not run a mail-relay server inside. On another note, if you serve FTP, make sure that it is handled properly by the router or use passive FTP. --- news://freenews.netfront.net/ - complaints: news(a)netfront.net ---
From: Rick on 27 Jun 2010 15:32 iggster wrote: > On 6/26/2010 8:24 AM, Rick wrote: >> What ports do I need to forward >> from a NAT router? >> >> Here's what I have so far: >> FTP: 20-21 >> mstsc: 3397-3391 >> FTPS 989-990 >> VPN: 1701-1723 >> IKE: 500;nat-t:4500; esp: 50; ssl 443 >> ?do we need "private": 49151-65535? >> ?do we need smtp: 25 if we do NOT run an SMTP server? >> others? >> >> > > It depends. Since you mentioned "from a NAT" router, I assume you are > not serving any of those an just want to reach those services somewhere. > In that case you do not need to forward anything. Moreover your > forwarding exposes your computer(s) to attacks. Especially RDC ports. > If I am wrong and you do have services inside and want to open them to > outside users, then what you open depends on what you service. You > should not and I repeat you should not open ports you do not use and > protect. > So, you should not open open the SMTP port if you do not run a > mail-relay server inside. > On another note, if you serve FTP, make sure that it is handled properly > by the router or use passive FTP. > > --- news://freenews.netfront.net/ - complaints: news(a)netfront.net --- That's an affirmative!
From: Rick on 28 Jun 2010 11:31 Rick wrote: > What ports do I need to forward > from a NAT router? > > Here's what I have so far: > FTP: 20-21 > mstsc: 3397-3391 > FTPS 989-990 > VPN: 1701-1723 > IKE: 500;nat-t:4500; esp: 50; ssl 443 > ?do we need "private": 49151-65535? > ?do we need smtp: 25 if we do NOT run an SMTP server? > others? > Forgot about time update on port 123
From: iggster on 3 Jul 2010 16:39 On 6/28/2010 11:31 AM, Rick wrote: > Rick wrote: >> What ports do I need to forward >> from a NAT router? >> >> Here's what I have so far: >> FTP: 20-21 >> mstsc: 3397-3391 >> FTPS 989-990 >> VPN: 1701-1723 >> IKE: 500;nat-t:4500; esp: 50; ssl 443 >> ?do we need "private": 49151-65535? >> ?do we need smtp: 25 if we do NOT run an SMTP server? >> others? >> > > Forgot about time update on port 123 > > > > I thought I answered the question in my post. Did you read it? --- news://freenews.netfront.net/ - complaints: news(a)netfront.net ---
|
Next
|
Last
Pages: 1 2 Prev: Remote access to SOHO Next: Sonicwall L2 enhanced mode, pinging WAN from LAN |