Lilla1

join:2002-04-22
Fall City, WA

reply to FTLNewsFeed
Re: [Kerio 2.x] My Kerio 2.1.5 rules based on BZ's

said by FTLNewsFeed:
The rule Loopback (no software proxy) is redundant in your rule set since TCP Loopbacks are caught and allowed by your Loopback - Standard rule.

Thanks for pointing that out, I have deleted it. I missed the obvious on that one.

said by FTLNewsFeed:
As far as FTP I just set the 'Remote Port' to 'Any' since I don't know what port the FTP Server will connect to me (or me to it) on.
The Remote port range I am using is based upon BZ's "permit all (tcp 21, 5001-65535)" approach quoted below... He gives this range for IE passive FTP, and I assume then that I can apply it to my other FTP apps too. If I've gotten it wrong, or not quite right, please advise.

BZ 2003-12-31 13:59:52
The way passive ftp works is you never have to accept inbound ftp communications on tcp 20 which would run like a server, and most ftp servers run as passive these days. A range more like tcp 5000-65535 outbound is better [than 1024-65535] at this point for IE when it comes to ftp communications, along with allowing it out tcp 21.

BZ 2004-01-03 14:21:29
When it comes to ftp communications I either run permit all (tcp 21,65535), or I have it ask me for posts not already allowed. You need to choose which one you want to do, permitting every outbound ftp connection past the first outbound tcp 21 connection can be annoying, but allows more control. I keep both variations for each browser in my ruleset so I can switch them anytime I want. It will be much more annoying to enable/disable the rule every time you do any ftp downloads, so you need to choose if you're going to do the permit all (tcp 21, 5001-65535), or having to permit every outbound ftp communication.

Straight FTP programs should be ok for the outbound communications allowed, just as long as they don't run as a server, unless you're dealing with a standard ftp server which required to connect to your computer on port 20 [active FTP]. This will be rare, and you might make a rule to toggle on if you need to if it happens often.
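
Added example, not part of the original posts and not Kerio's own logic: a Python sketch that reads the data port a server announces in its passive-mode 227 reply and checks it against the remote-port ranges discussed above. The rule names, the "no-match" label and the sample replies are assumptions constructed for illustration.

```python
import re

# Remote-port ranges from the thread for the outbound FTP rule.
RULE_BZ = [(21, 21), (5001, 65535)]    # "permit all (tcp 21, 5001-65535)"
RULE_WIDE = [(21, 21), (1024, 65535)]  # the wider 1024-65535 range

# A 227 reply carries h1,h2,h3,h4,p1,p2 (RFC 959); data port = p1*256 + p2.
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))

def parse_pasv(reply):
    """Return (ip, port) from a 227 reply, or None if it is malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def port_allowed(port, ranges):
    """True if the remote port falls inside any (low, high) range of the rule."""
    return any(lo <= port <= hi for lo, hi in ranges)

def check_data_connection(reply, ranges):
    """'permit' if the passive data connection matches the rule, 'no-match'
    if the firewall would fall through to a later rule or a prompt."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return "malformed"
    return "permit" if port_allowed(parsed[1], ranges) else "no-match"

# Constructed sample replies; 192.0.2.0/24 is a documentation address range.
SAMPLES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",  # port 50000
    "227 Entering Passive Mode (192,0,2,10,8,0)",     # port 2048
    "227 Entering Passive Mode (192,0,2,10,4,0)",     # port 1024
    "227 Entering Passive Mode (192,0,2,10,300,1)",   # octet out of range
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "| 5001-65535:", check_data_connection(s, RULE_BZ),
              "| 1024-65535:", check_data_connection(s, RULE_WIDE))
```

A server that hands out passive ports below 5001 falls outside the narrower range, so that data connection would need the wider range or an interactive permit.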