Sorry, I deleted the post I am referring to before I had a chance to reply.

The poster mentioned a solution to the problem of FTP transfers in a screening router environment. The solution was something to the effect of:

    Allow packets from all external hosts with source port 20 to all (or
    some subset of) internal hosts with destination port > 1023, established.

The only part I disagree with is the "established" part; I am assuming this is referring to passing/not passing the "start of connection" packet, or the packet that contains both SYN and ACK. It is my understanding that by using this keyword in your access lists, the remote machines would have a difficult time initiating the data connection...

I am also assuming that the above would be applied as an outbound access list on the internal side of the screening router, as the rest would not make sense otherwise...

Do I have this incorrect?
Jeff LaCoursiere                        FastLane Communications
Network security/services               mail info@flc.uprc.com
lacoursj@uprc.com
FastLane Communications!  Connecting America to the Internet...
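The following is an added example, not part of the original post, that models the access-list entry under discussion so the effect of the "established" keyword on an active-mode FTP data connection can be seen concretely. It assumes the Cisco IOS semantics of "established": a TCP segment matches only when its ACK or RST bit is set, so the bare SYN with which the FTP server opens the data connection from port 20 never matches. The addresses, ports and segments below are constructed for illustration.

```python
"""Model of a Cisco-style extended ACL entry for FTP data connections.

Added example (not from the original post). Assumes IOS semantics for the
"established" keyword: a TCP segment matches only if ACK or RST is set.
All packet data here is constructed.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class TcpSegment:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False
    ack: bool = False
    rst: bool = False


@dataclass(frozen=True)
class AclEntry:
    action: str                 # "permit" or "deny"
    src_port: Optional[int]     # exact source-port match, None means any
    dst_port_gt: int            # destination port must be greater than this
    established: bool           # IOS "established": ACK or RST must be set

    def matches(self, seg: TcpSegment) -> bool:
        if self.src_port is not None and seg.src_port != self.src_port:
            return False
        if seg.dst_port <= self.dst_port_gt:
            return False
        # "established" keys purely on TCP flags; a bare SYN never matches.
        if self.established and not (seg.ack or seg.rst):
            return False
        return True


def evaluate(acl: List[AclEntry], seg: TcpSegment) -> str:
    """First matching entry wins; implicit deny at the end, as in IOS."""
    for entry in acl:
        if entry.matches(seg):
            return entry.action
    return "deny"


# The rule as posted, with and without the "established" keyword
# (equivalent to: permit tcp any eq 20 <internal> gt 1023 [established]).
ACL_WITH_ESTABLISHED = [AclEntry("permit", 20, 1023, established=True)]
ACL_WITHOUT_ESTABLISHED = [AclEntry("permit", 20, 1023, established=False)]

# Active-mode FTP: the external server opens the data connection from
# port 20 to the high port the client advertised with PORT (constructed).
SERVER, CLIENT = "192.0.2.10", "10.0.0.5"
DATA_SYN = TcpSegment(SERVER, 20, CLIENT, 1025, syn=True)            # opening segment
DATA_ACK = TcpSegment(SERVER, 20, CLIENT, 1025, ack=True)            # later data segments
FORGED_SYN = TcpSegment("198.51.100.7", 20, CLIENT, 6000, syn=True)  # attacker picks sport 20


def data_connection_outcome(acl: List[AclEntry]) -> str:
    """Whether the server can open the data connection through this ACL."""
    return "blocked" if evaluate(acl, DATA_SYN) == "deny" else "opened"


if __name__ == "__main__":
    print("with established:    data connection", data_connection_outcome(ACL_WITH_ESTABLISHED))
    print("without established: data connection", data_connection_outcome(ACL_WITHOUT_ESTABLISHED))
    print("forged sport-20 SYN, no established:", evaluate(ACL_WITHOUT_ESTABLISHED, FORGED_SYN))
```

Running it shows the trade-off the post is circling: with "established" the server's opening SYN is dropped and the active-mode data connection never comes up, while without it any external host that chooses source port 20 can open a connection to any internal port above 1023, which is why screening-router admins of the period preferred proxies or passive-mode FTP over either form of this rule.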