---------- Forwarded message ----------
From: Peter <peter at iwebsl dot com>
Date: Sep 21, 2005 8:38 AM
Subject: [m0n0wall] newbie question
To: m0n0wall at lists dot m0n0 dot ch

I'd like to tighten up some of my basic rules. I'm aware that when setting up a rule for http port 80 that you must allow an external range of 1024 - 65535 to 80 but what about some of the other services? Is DNS 53 to 53, smtp 25 to 25, pop 110 to 110 or do they have external ranges as well? Is there a master list that outlines all the protocols?

TCP/UDP  *  *  master  53 (DNS)     NAT DNS server
TCP      *  *  server  443 (HTTPS)  NAT ssl server
TCP      *  *  master  25 (SMTP)    NAT smtp server
TCP      *  *  master  110 (POP3)   NAT pop3 server

---------------------------------------------------------------------

http://www.stengel.net/tcpports.htm well-known ports. This is just one location on the net.

> > I'm aware that when setting up a rule for http port 80 that you must allow an external range of 1024 - 65535 to 80 but what about some of the other services?

This is correct if the traffic is inbound. Opposite for outbound. If you have problems with a particular service...always check the diagnostic > logs > firewall. This will tell you what's being blocked, from and to, and port.

The protocols you've listed are minimal. If you're doing any gaming or VOIP, IM..etc, these are additional ports to consider.

One other thing, no disrespect intended, "newbie question" is a terrible subject line. Please try to use a more descriptive subject. It will ultimately help down the road. I have found this list server and many of its participants to be extremely helpful, with relatively few "flamers".

Good Luck,
- Don
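The "53 to 53, 25 to 25" question from the thread can be checked mechanically. The following is an added example, not part of the original messages or of m0n0wall's code: it parses the four rule lines as posted and evaluates a constructed client connection against them and against a hypothetical rule that pins the source port to 25. It assumes the columns are proto, source, source port, destination, destination port, description, that all four are pass rules, and that evaluation is first-match with a default deny.

```python
import re
from collections import namedtuple

# Rule lines as posted in the thread. Assumed column order:
# proto, source, source port, destination, destination port, description.
PAGE_RULES = """\
TCP/UDP * * master 53 (DNS) NAT DNS server
TCP * * server 443 (HTTPS) NAT ssl server
TCP * * master 25 (SMTP) NAT smtp server
TCP * * master 110 (POP3) NAT pop3 server
"""

Rule = namedtuple("Rule", "protos src sport dst dport descr")
RULE_RE = re.compile(r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+|\*)(?:\s+\(\w+\))?\s*(.*)")

def parse_rules(text):
    """Turn each rule line into a Rule; lines that do not fit are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if m:
            proto, src, sport, dst, dport, descr = m.groups()
            rules.append(Rule(frozenset(proto.upper().split("/")), src, sport, dst, dport, descr))
    return rules

def port_ok(spec, port):
    """'*' matches any port, 'a-b' an inclusive range, 'n' a single port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def first_match(rules, proto, src, sport, dst, dport):
    """Return the first rule that passes the packet, or None (default deny)."""
    for r in rules:
        if (proto in r.protos and r.src in ("*", src) and port_ok(r.sport, sport)
                and r.dst == dst and port_ok(r.dport, dport)):
            return r
    return None

# Constructed sample: a remote mail client connecting from an ephemeral port.
CLIENT = ("TCP", "203.0.113.7", 51544, "master", 25)
# Hypothetical "25 to 25" rule, written in the same format for comparison.
PINNED = parse_rules("TCP * 25 master 25 (SMTP) pinned source port")

if __name__ == "__main__":
    print("posted rules :", first_match(parse_rules(PAGE_RULES), *CLIENT))
    print("25 -> 25 rule:", first_match(PINNED, *CLIENT))  # None: the client is dropped
```

The destination port identifies the service; the source port is whatever the client's stack picked, so a rule that fixes it to the service port rejects ordinary clients.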