 From:  Max Khitrov <mkhitrov at umd dot edu>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DMZ by IP?
 Date:  Sun, 05 Dec 2004 17:00:27 -0500
Chris Buechler wrote:

>What exactly are you trying to accomplish?  You shouldn't need to
>forward a bunch of ports.

How would all my servers be accessible from the outside if many ports 
aren't forwarded? I'll have a bunch of services running like mail, http, 
ftp, ssh, vnc, and a number of others. If you consider just the ftp, for 
example, which should be able to work in PASV mode, that will require 
that a number of random ports be forwarded to the server. On my old 
setup, DMZ was the only way to get this to work properly, especially at 
times when port usage is simply unknown.

In either case, this just seems to be like an easy thing to do, so maybe 
a feature for the next release? Basically in NAT forwarding create an 
ability to specify if a port is not forwarded to any specific host, then 
it should go to the default one. Just a thought...