 From:  Don Munyak <don dot munyak at gmail dot com>
 To:  Justin Wilson <j2sw at mtin dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Routing Ips
 Date:  Fri, 17 Jun 2005 17:34:37 -0400
Instead of allowing a range from 1-65k, why not just specifically allow
the known ports in...80/443..etc, for a given box? This way you won't
get some knuckle-head trying to telnet or ftp to a server that may or
may not have it set up. Additionally, a lot of viruses/trojans would be
blocked right from the start if you're only allowing a specific set of
ports.

- Don



On 6/15/05, Justin Wilson <j2sw at mtin dot net> wrote:
>     Here is what I did and I don't know what pitfalls there are to this:
> 
>     1. Set up a server NAT for each external IP
>     2. Set up inbound NAT from external to internal and did a port range of
> 1-65,000.
> 
>     So far all services are working on the external IP.
> 
>     Anyone see problems with this?
> 
>     Justin
> --
> "It's 10 O'Clock, do you know what your server is doing?"
> ---
> Justin S. Wilson <j2sw at mtin dot net>
> TEL: 765.376.1079
> AOLIM: j2sw
> WEB: http://www.jwilson.ws/
> WEB: http://dontknockmysmock.mtin.net/
> 
> 
> > From: Don Munyak <don dot munyak at gmail dot com>
> > Reply-To: Don Munyak <don dot munyak at gmail dot com>
> > Date: Wed, 15 Jun 2005 22:06:39 -0400
> > To: <m0n0wall at lists dot m0n0 dot ch>
> > Cc: <j2sw at mtin dot net>
> > Subject: Re: [m0n0wall] Routing Ips
> >
> > Chris is right.
> >
> > What types of services are you trying to make publicly available for
> > your customers? Is this one customer with many private nodes, or many
> > customers trying to access website virtuals...what ??
> >
> > You could do 1:1 nat, which is explained in the documentation.
> >
> >
> 
> 
> 


-- 
Don Munyak
Network Administrator
Professional Management Group of Virginia
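
An added example, not part of the original thread: a small audit that compares inbound NAT forwards against the ports each server is meant to publish, showing what a 1-65000 forward exposes (such as the telnet and ftp services mentioned above) and the per-port rules that would replace it. The Forward record is a hypothetical format, not m0n0wall's configuration format, and all addresses and port inventories are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    external_ip: str  # public address the rule answers on
    proto: str        # "tcp" or "udp"
    ports: str        # single port "443" or a range "1-65000"
    target: str       # internal host that receives the traffic

def parse_ports(spec):
    """Return (low, high) for '80' or '1-65000'; reject malformed specs."""
    low, sep, high = spec.partition("-")
    low = int(low)
    high = int(high) if sep else low
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return low, high

def audit(forwards, intended, listening):
    """Flag forwards that open more ports than the target is meant to publish.

    intended:  {target: ports that should be public}
    listening: {target: ports with a service bound, from a host inventory}
    Protocol is ignored when matching ports, to keep the example short.
    """
    findings = []
    for fwd in forwards:
        low, high = parse_ports(fwd.ports)
        wanted = {p for p in intended.get(fwd.target, ()) if low <= p <= high}
        live = {p for p in listening.get(fwd.target, ()) if low <= p <= high}
        excess = (high - low + 1) - len(wanted)
        if excess:
            findings.append({
                "rule": fwd,
                "excess_ports": excess,
                "unintended_services": sorted(live - wanted),
                "replace_with": [Forward(fwd.external_ip, fwd.proto, str(p), fwd.target)
                                 for p in sorted(wanted)],
            })
    return findings

# Constructed sample data (documentation/private addresses, not from the thread).
FORWARDS = [Forward("203.0.113.10", "tcp", "1-65000", "192.168.1.10"),
            Forward("203.0.113.11", "tcp", "443", "192.168.1.11")]
INTENDED = {"192.168.1.10": {80, 443}, "192.168.1.11": {443}}
LISTENING = {"192.168.1.10": {21, 23, 80, 443}, "192.168.1.11": {22, 443}}

if __name__ == "__main__":
    for f in audit(FORWARDS, INTENDED, LISTENING):
        print(f["rule"].ports, "->", f["rule"].target, f["unintended_services"])
```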