Koozali.org: home of the SME Server

Ports over 1024

Scab

Ports over 1024
« on: May 12, 2001, 06:34:02 PM »
Is there any way I can open up ports 1024 and above on the firewall .... At this point security is NOT an issue (but it WILL be when it goes live). Can I open up all these ports for testing purposes? If so, how? Please

:-))

Darrell May

Re: Ports over 1024
« Reply #1 on: May 12, 2001, 11:27:50 PM »
Scab wrote:
>
> Is there any way I can open up ports 1024 and above on the
> firewall .... At this point security is NOT an issue (but it
> WILL be when it goes live). Can I open up all these ports for
> testing purposes? If so, how? Please
>
> :-))

Ports above 1024 are open outbound for all local users.  Inbound they are blocked.

What specific ports do you need opened?  Is this for tcp/udp?

If you don't need/want the firewall, set your server to server-only mode.

Darrell

Scab

Re: Ports over 1024
« Reply #2 on: May 12, 2001, 11:56:04 PM »
What I am trying to do is port-forward incoming ftp on port 666 to a 192.168.x.x address on the LAN on port 21 ... Got that working .. BUT .....

Because ftp uses a random port above 1024 it seems to be denying the returning packets ....

Any Clues ?

Charlie Brady

Re: Ports over 1024
« Reply #3 on: May 13, 2001, 03:03:41 AM »
Scab wrote:
>
> What I am trying to do is port-forward incoming ftp on port 666
> to a 192.168.x.x address on the LAN on port 21 ... Got that
> working .. BUT .....
>
> Because ftp uses a random port above 1024 it seems to be
> denying the returning packets ....
>
> Any Clues ?

ftp is non-trivial to port-forward, since it uses two TCP connections, and the port number used for the second connection is communicated as part of the chitchat on the first connection. You need to read up on the FTP protocol, particularly the PASV option.

Charlie

Jules

Re: Ports over 1024
« Reply #4 on: May 13, 2001, 10:27:14 PM »
Read up on it and post my findings huh ??

:-)


ok ... I can do that ....

Thanks

Luke Drumm

Re: Ports over 1024
« Reply #5 on: May 14, 2001, 04:59:43 AM »
I've found the ipchains docs found in the standard installation are pretty good.