From: Rick on
What ports do I need to forward
from a NAT router?

Here's what I have so far:
FTP: 20-21
mstsc: 3397-3391
FTPS 989-990
VPN: 1701-1723
IKE: 500;nat-t:4500; esp: 50; ssl 443
?do we need "private": 49151-65535?
?do we need smtp: 25 if we do NOT run an SMTP server?
others?


From: iggster on
On 6/26/2010 8:24 AM, Rick wrote:
> What ports do I need to forward
> from a NAT router?
>
> Here's what I have so far:
> FTP: 20-21
> mstsc: 3397-3391
> FTPS 989-990
> VPN: 1701-1723
> IKE: 500;nat-t:4500; esp: 50; ssl 443
> ?do we need "private": 49151-65535?
> ?do we need smtp: 25 if we do NOT run an SMTP server?
> others?
>
>

It depends. Since you mentioned "from a NAT" router, I assume you are
not serving any of those an just want to reach those services somewhere.
In that case you do not need to forward anything. Moreover your
forwarding exposes your computer(s) to attacks. Especially RDC ports.
If I am wrong and you do have services inside and want to open them to
outside users, then what you open depends on what you service. You
should not and I repeat you should not open ports you do not use and
protect.
So, you should not open open the SMTP port if you do not run a
mail-relay server inside.
On another note, if you serve FTP, make sure that it is handled properly
by the router or use passive FTP.

--- news://freenews.netfront.net/ - complaints: news(a)netfront.net ---
From: Rick on
iggster wrote:
> On 6/26/2010 8:24 AM, Rick wrote:
>> What ports do I need to forward
>> from a NAT router?
>>
>> Here's what I have so far:
>> FTP: 20-21
>> mstsc: 3397-3391
>> FTPS 989-990
>> VPN: 1701-1723
>> IKE: 500;nat-t:4500; esp: 50; ssl 443
>> ?do we need "private": 49151-65535?
>> ?do we need smtp: 25 if we do NOT run an SMTP server?
>> others?
>>
>>
>
> It depends. Since you mentioned "from a NAT" router, I assume you are
> not serving any of those an just want to reach those services somewhere.
> In that case you do not need to forward anything. Moreover your
> forwarding exposes your computer(s) to attacks. Especially RDC ports.
> If I am wrong and you do have services inside and want to open them to
> outside users, then what you open depends on what you service. You
> should not and I repeat you should not open ports you do not use and
> protect.
> So, you should not open open the SMTP port if you do not run a
> mail-relay server inside.
> On another note, if you serve FTP, make sure that it is handled properly
> by the router or use passive FTP.
>
> --- news://freenews.netfront.net/ - complaints: news(a)netfront.net ---

That's an affirmative!

From: Rick on
Rick wrote:
> What ports do I need to forward
> from a NAT router?
>
> Here's what I have so far:
> FTP: 20-21
> mstsc: 3397-3391
> FTPS 989-990
> VPN: 1701-1723
> IKE: 500;nat-t:4500; esp: 50; ssl 443
> ?do we need "private": 49151-65535?
> ?do we need smtp: 25 if we do NOT run an SMTP server?
> others?
>

Forgot about time update on port 123




From: iggster on
On 6/28/2010 11:31 AM, Rick wrote:
> Rick wrote:
>> What ports do I need to forward
>> from a NAT router?
>>
>> Here's what I have so far:
>> FTP: 20-21
>> mstsc: 3397-3391
>> FTPS 989-990
>> VPN: 1701-1723
>> IKE: 500;nat-t:4500; esp: 50; ssl 443
>> ?do we need "private": 49151-65535?
>> ?do we need smtp: 25 if we do NOT run an SMTP server?
>> others?
>>
>
> Forgot about time update on port 123
>
>
>
>
I thought I answered the question in my post. Did you read it?

--- news://freenews.netfront.net/ - complaints: news(a)netfront.net ---