Instead of allowing a range from 1-65k, why not just specifically allow
the known ports in...80/443, etc., for a given box. This way you won't
get some knucklehead trying to telnet or FTP to a server that may or
may not have it set up. Additionally, a lot of viruses/trojans would be
blocked right from the start if you're only allowing a specific set of
On 6/15/05, Justin Wilson <j2sw at mtin dot net> wrote:
> Here is what I did and I don't know what pitfalls there are to this:
> 1. Set up a server NAT for each external IP
> 2. Set up inbound NAT from external to internal and did a port range of
> So far all services are working on the external IP.
> Anyone see problems with this?
> "It's 10 O'Clock, do you know what your server is doing?"
> Justin S. Wilson <j2sw at mtin dot net>
> TEL: 765.376.1079
> AOLIM: j2sw
> WEB: http://www.jwilson.ws/
> WEB: http://dontknockmysmock.mtin.net/
> > From: Don Munyak <don dot munyak at gmail dot com>
> > Reply-To: Don Munyak <don dot munyak at gmail dot com>
> > Date: Wed, 15 Jun 2005 22:06:39 -0400
> > To: <m0n0wall at lists dot m0n0 dot ch>
> > Cc: <j2sw at mtin dot net>
> > Subject: Re: [m0n0wall] Routing Ips
> > Chris is right.
> > What types of services are you trying to make publicly available for
> > your customers? Is this one customer with many private nodes, or many
> > customers trying to access website virtuals...what??
> > You could do 1:1 NAT, which is explained in the documentation.
Professional Management Group of Virginia
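As an added illustration of the point made above (not a config from the thread or from m0n0wall itself), here is the same inbound forward written two ways in pf syntax. m0n0wall rules are entered through its web GUI rather than as a pf file, so the syntax is an analogy only; the interface name, the 203.0.113.10/192.168.1.10 addresses (RFC 5737 documentation ranges) and the port list are assumptions for the example.

```pf
# Added example, not from the original thread or from m0n0wall.
# Assumed names/addresses: fxp0, 203.0.113.10 (external), 192.168.1.10 (internal).
ext_if  = "fxp0"
ext_ip  = "203.0.113.10"
srv_int = "192.168.1.10"

# Default deny on the external interface; later "pass" rules punch holes.
block in on $ext_if all

# --- Weak: forward the whole TCP port range to the internal box -------------
# Any listener that happens to be running there (telnet, ftp, SMB, RDP, or a
# trojan's backdoor) becomes reachable from the outside.
# rdr  on $ext_if proto tcp from any to $ext_ip  port 1:65535 -> $srv_int
# pass in on $ext_if proto tcp from any to $srv_int port 1:65535 keep state

# --- Better: forward and allow only the services this box is meant to serve --
web_ports = "{ 80, 443 }"
rdr  on $ext_if proto tcp from any to $ext_ip  port $web_ports -> $srv_int
pass in on $ext_if proto tcp from any to $srv_int port $web_ports flags S/SA keep state

# Anything else inbound never matches a pass rule, so an unconfigured or
# unexpected service on the internal host is not exposed by accident.
```

Adding a new public service then means adding its port to the list deliberately, which is the check the poster is asking for: the firewall documents what is supposed to be reachable instead of relying on the server having nothing else listening.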