http://www.stengel.net/tcpports.htm

On 9/21/05, Don Munyak <don dot munyak at gmail dot com> wrote:
> ---------- Forwarded message ----------
> From: Peter <peter at iwebsl dot com>
> Date: Sep 21, 2005 8:38 AM
> Subject: [m0n0wall] newbie question
> To: m0n0wall at lists dot m0n0 dot ch
>
> I'd like to tighten up some of my basic rules. I'm aware that when
> setting up a rule for http port 80 that you must allow an external
> range of 1024 - 65535 to 80 but what about some of the other services?
> Is DNS 53 to 53, smtp 25 to 25, pop 110 to 110 or do they have
> external ranges as well? Is there a master list that outlines all the
> protocols?
>
> TCP/UDP * * master 53 (DNS) NAT DNS server
> TCP * * server 443 (HTTPS) NAT ssl server
> TCP * * master 25 (SMTP) NAT smtp server
> TCP * * master 110 (POP3) NAT pop3 server
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
> http://www.stengel.net/tcpports.htm
> well-known ports. This is just one location on the net.
>
> > I'm aware that when setting up a rule for http port 80 that you must
> > allow an external range of 1024 - 65535 to 80 but what about some of
> > the other services?
>
> This is correct if the traffic is inbound. Opposite for outbound.
>
> If you have problems with a particular service...always check the
> diagnostic > logs > firewall. This will tell you what's being blocked,
> from and to, and port.
>
> The protocols you've listed are minimal. If you're doing any gaming or
> VOIP, IM..etc, these are additional ports to consider.
>
> One other thing, no disrespect intended, "newbie question" is a
> terrible subject line. Please try to use a more descriptive subject.
> It will ultimately help down the road. I have found this list server
> and many of its participants to be extremely helpful, with
> relatively few "flamers".
>
> Good Luck,
>
> - Don