From owner-freebsd-net Sat Oct 21 12: 4:50 2000
Date: Sat, 21 Oct 2000 21:04:44 +0200 (CEST)
From: Blaz Zupan
To: Rudy
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Using punch_fw from natd

> You can reduce the number of open ports --- ftpd does not use 1024-65535B

You can't predict what ports the ftp server uses - my users could be
connecting to any ftp server out there which could select any port above 1024.

> Users do not have shell accounts on that box, so I am not worried about
> leaving a bunch of high numbered ports open. (Is this a mistake?)

I'm not protecting just one host, I'm protecting a whole network, with
possibly services running out there - for example X uses ports around 6000. I
can of course block that, but who guarantees that there isn't some other
software listening on some other port on a user's Windoze box?

Blaz Zupan, Medinet d.o.o, Linhartova 21, 2000 Maribor, Slovenia
E-mail: blaz@amis.net, Tel: +386-2-320-6320, Fax: +386-2-320-6325
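
The point about unpredictable server-chosen ports, as an added example that is not part of the original message and is not natd's code: it reads the data port an FTP server announces in its RFC 959 `227` reply and builds one narrow rule for that connection instead of a standing rule for 1024-65535. The helper names, the addresses and the rule numbers are assumptions made for the illustration.

```python
import re

# Six comma-separated bytes from an RFC 959 "227" reply: h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None if it is not one."""
    m = PASV_RE.match(reply)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def punch_rule(client_ip, server_ip, reply, rule_no):
    """Build one narrow ipfw-style rule for the negotiated data connection.

    Hypothetical helper: the rule text illustrates the idea and is not the
    rule natd installs.
    """
    parsed = parse_pasv(reply)
    if parsed is None:
        return None
    ip, port = parsed
    # Ignore replies that point at a host other than the control-connection
    # peer, or at a port outside the unprivileged range.
    if ip != server_ip or port < 1024:
        return None
    return f"ipfw add {rule_no} allow tcp from {client_ip} to {ip} {port} setup"

# Constructed control-channel replies (documentation addresses, not real hosts).
SAMPLE = [
    ("192.0.2.10", "227 Entering Passive Mode (192,0,2,10,195,80)"),
    ("192.0.2.10", "227 Entering Passive Mode (198,51,100,7,195,80)"),  # other host
    ("192.0.2.10", "227 Entering Passive Mode (192,0,2,10,0,21)"),      # port < 1024
    ("192.0.2.10", "230 User logged in, proceed."),                     # not a 227
]

def demo(client_ip="10.0.0.5", base=20000):
    return [punch_rule(client_ip, srv, rep, base + i)
            for i, (srv, rep) in enumerate(SAMPLE)]

if __name__ == "__main__":
    for rule in demo():
        print(rule or "(no hole opened)")
```

Only the first constructed reply yields a rule, and that rule names a single host pair and a single port.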