Instead of allowing a range from 1-65k, why not just specifically allow the known ports in... 80/443, etc., for a given box. This way you won't get some knuckle-head trying to telnet or ftp to a server that may or may not have it set up. Additionally, a lot of viruses/trojans would be blocked right from the start if you're only allowing a specific set of ports.

- Don

On 6/15/05, Justin Wilson <j2sw at mtin dot net> wrote:
> Here is what I did and I don't know what pitfalls there are to this:
>
> 1. Setup a server nat for each external IP
> 2. Setup inbound Nat from external to internal and did a port range of
> 1-65,000.
>
> So far all services are working on the external IP.
>
> Anyone see problems with this?
>
> Justin
> --
> "It's 10 O'Clock, do you know what your server is doing?"
> ---
> Justin S. Wilson <j2sw at mtin dot net>
> TEL: 765.376.1079
> AOLIM: j2sw
> WEB: http://www.jwilson.ws/
> WEB: http://dontknockmysmock.mtin.net/
>
> > From: Don Munyak <don dot munyak at gmail dot com>
> > Reply-To: Don Munyak <don dot munyak at gmail dot com>
> > Date: Wed, 15 Jun 2005 22:06:39 -0400
> > To: <m0n0wall at lists dot m0n0 dot ch>
> > Cc: <j2sw at mtin dot net>
> > Subject: Re: [m0n0wall] Routing Ips
> >
> > Chris is right.
> >
> > What types of services are you trying to make publicly available for
> > your customers? Is this one customer with many private nodes, or many
> > customers trying to access website virtuals... what??
> >
> > You could do 1:1 nat, which is explained in the documentation.
> >
>

--
Don Munyak
Network Administrator
Professional Management Group of Virginia
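Don's suggestion above amounts to allow-listing only the ports each box actually serves instead of forwarding 1-65,000. As an added example, not code from this thread or from m0n0wall: a small Python audit that compares inbound NAT rules against the services each internal host is meant to offer, flags any rule that opens more than that, and emits the narrowed per-port rules. The rule dictionaries, field names, addresses and service lists below are constructed assumptions for illustration, not m0n0wall's configuration schema.

```python
"""Audit inbound NAT (port-forward) rules against the services each box should expose.

Constructed example: rule shapes mimic a generic inbound-NAT entry (external address,
protocol, port range, internal target). Field names are assumptions, not m0n0wall's.
"""

# Services each internal host is actually expected to offer (constructed sample data).
INTENDED_SERVICES = {
    "10.0.0.10": {("tcp", 80), ("tcp", 443)},                # web server
    "10.0.0.11": {("tcp", 25), ("tcp", 143), ("tcp", 993)},  # mail server
}

# Inbound NAT rules as they might be entered today (constructed sample data).
# The first two mirror the "1-65,000" approach from the thread.
NAT_RULES = [
    {"ext_ip": "203.0.113.10", "proto": "tcp", "ports": (1, 65000), "target": "10.0.0.10"},
    {"ext_ip": "203.0.113.11", "proto": "tcp", "ports": (1, 65000), "target": "10.0.0.11"},
    # Narrow rule, but the target has no documented service at all.
    {"ext_ip": "203.0.113.12", "proto": "tcp", "ports": (443, 443), "target": "10.0.0.12"},
]


def excess_ports(rule, intended):
    """Number of ports the rule opens beyond the target's intended services for that protocol."""
    lo, hi = rule["ports"]
    opened = hi - lo + 1
    wanted = sum(
        1
        for proto, port in intended.get(rule["target"], ())
        if proto == rule["proto"] and lo <= port <= hi
    )
    return opened - wanted


def audit(rules, intended):
    """Return (external IP, target, excess port count) for every rule that is broader than needed."""
    findings = []
    for rule in rules:
        extra = excess_ports(rule, intended)
        if extra > 0:
            findings.append((rule["ext_ip"], rule["target"], extra))
    return findings


def narrowed_rules(rules, intended):
    """Rewrite each rule as one rule per intended service port on that target.

    Targets with no documented service get no forward at all: if nobody can say what
    the box serves, nothing should be reachable from outside until someone can.
    """
    out = []
    for rule in rules:
        ports = sorted(
            port for proto, port in intended.get(rule["target"], ()) if proto == rule["proto"]
        )
        for port in ports:
            out.append({
                "ext_ip": rule["ext_ip"],
                "proto": rule["proto"],
                "ports": (port, port),
                "target": rule["target"],
            })
    return out


if __name__ == "__main__":
    for ext_ip, target, extra in audit(NAT_RULES, INTENDED_SERVICES):
        print(f"{ext_ip} -> {target}: opens {extra} port(s) beyond the intended services")
    print("Narrowed rule set:")
    for rule in narrowed_rules(NAT_RULES, INTENDED_SERVICES):
        print(f"  {rule['ext_ip']} {rule['proto']}/{rule['ports'][0]} -> {rule['target']}")
```

Running it against the sample data reports the two wide-open hosts (64,998 and 64,997 unnecessary ports respectively) and the undocumented third host, then prints five single-port rules that replace the three originals. The inventory in INTENDED_SERVICES is the part that takes real work: the audit is only as good as the list of what each box is supposed to serve.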