 
 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ftp and per port
 Date:  Sun, 12 Sep 2004 15:08:24 -0700 (PDT)
On Sun, 5 Sep 2004, Stefan Thuering wrote:
> Neil Schneider wrote:
> > Inbound NAT
> > 
> > TCP  	 20  	 INTERNAL_IP  	 20
> > TCP 	21 (FTP) 	INTERNAL_IP 	21 (FTP)
> > TCP 	49152 - 65535 	INTERNAL_IP 	49152 - 65535 	ftp passv
> > TCP/UDP 	53 (DNS) 	192.168.0.20 	53 (DNS)
> 
> Could have used this info a few weeks ago... :)

You don't need special handling for port 20 (except perhaps for a
non-stateful firewall).  Port 20 is only used as the *source* port for the
data connection, but for some reason people keep thinking they need to
worry about it.

					Fred Wright
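
Added example, not part of the original message: a Python sketch that derives the data connection implied by an FTP control-channel line and checks which of the inbound NAT rules quoted above it would need. The control lines and addresses are constructed samples, the function names are hypothetical, and a stateful firewall is assumed.

```python
import re

# Inbound NAT rules from the quoted post: (proto, first dst port, last dst port, note).
INBOUND_NAT = [
    ("tcp", 20, 20, "ftp-data"),
    ("tcp", 21, 21, "ftp control"),
    ("tcp", 49152, 65535, "ftp passv"),
]

def data_connection(control_line):
    """Derive the data connection implied by one FTP control-channel line.

    Returns (initiator, src_port, dst_ip, dst_port); src_port None means ephemeral.
    """
    m = re.search(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", control_line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in line")
    parts = m.groups()
    ip = ".".join(parts[:4])
    port = int(parts[4]) * 256 + int(parts[5])
    if control_line.upper().startswith("PORT"):
        # Active mode: the server opens the connection, *from* port 20,
        # to the address and port the client announced.
        return ("server", 20, ip, port)
    if control_line.startswith("227"):
        # Passive mode: the client opens the connection to the port
        # the server announced; the client's source port is ephemeral.
        return ("client", None, ip, port)
    raise ValueError("not a PORT command or 227 reply")

def matching_inbound_rule(conn):
    """Return the note of the inbound NAT rule the connection needs, or None."""
    initiator, _src_port, _dst_ip, dst_port = conn
    if initiator != "client":
        # Outbound from the server: a stateful firewall tracks it,
        # so no inbound rule is consulted (assumption: stateful firewall).
        return None
    for _proto, lo, hi, note in INBOUND_NAT:
        if lo <= dst_port <= hi:
            return note
    return None

# Constructed sample control-channel lines (documentation addresses).
ACTIVE = "PORT 198,51,100,7,195,80"
PASSIVE = "227 Entering Passive Mode (203,0,113,10,200,10)"

if __name__ == "__main__":
    for line in (ACTIVE, PASSIVE):
        conn = data_connection(line)
        print(line, "->", conn, "needs inbound rule:", matching_inbound_rule(conn))
```

Neither mode produces a connection whose destination port is 20, so the port 20 inbound rule is never matched.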