[Shorewall-newbies] Newbie - How to open range of RTP ports

Tom Eastep teastep at shorewall.net
Sat Jan 10 19:49:45 PST 2004


On Sat, 10 Jan 2004, Balaji NJL wrote:

>
> I agree with Tom. But what other option do we have here? Not only
> Asterisk, I believe there are many other server/services where we need
> to open a range of ports.
>

Two points:

a) As every fisherman knows, the number of fish you catch depends on the
size of the net that you cast. So forwarding a large number of ports
creates more exposure than opening a few (ok -- some ports are more often
exploited than others but you get the idea).

b) Francesca's point is that when you create this sort of exposure, you
should isolate the exposed server from the rest of your systems by placing
it on a separate LAN segment (DMZ).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
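
Added example, not part of the original message and not taken from the Shorewall project's own files: points (a) and (b) above expressed as a Shorewall policy and rules fragment. The zone names (net, loc, dmz, fw), the addresses, and the UDP range 10000:20000 (Asterisk's default RTP range) are assumptions chosen for illustration.

```conf
# /etc/shorewall/policy  (constructed example)
#SOURCE   DEST   POLICY   LOG LEVEL
loc       net    ACCEPT
# Point (b): a compromised DMZ host must not be able to reach the LAN
# or the firewall itself.
dmz       loc    REJECT   info
dmz       fw     REJECT   info
net       all    DROP     info
all       all    REJECT   info

# /etc/shorewall/rules  (constructed example)
#ACTION   SOURCE   DEST                PROTO   DEST PORT(S)

# Exposed layout: the whole RTP range is forwarded to a server that
# shares a segment with the rest of the local systems.
#DNAT     net      loc:192.168.1.10    udp     10000:20000

# Isolated layout: same forwarded range, but the server sits in the DMZ,
# so the dmz->loc and dmz->fw policies above contain it.
DNAT      net      dmz:192.168.2.10    udp     10000:20000

# Point (a): if the server can be configured to use fewer RTP ports,
# forward only that smaller range (hypothetical narrowed range shown).
#DNAT     net      dmz:192.168.2.10    udp     10000:10100
```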

