Russell Lusignan wrote:
>
> I assume your firewall is NAT'ng right?  Make sure that you specify a
> source port range of 1-65535 and a destination port of 3389.  TCP randomly
> selects the source port number when a session starts, so if you are filtering on
> source port 3389 and destination port 3389, there is a 1 in 65535 chance
> you will get through the firewall.  Make sense?


Makes sense, but it is just slightly off.  For outgoing connections
a random port is selected.  This is commonly known as an Ephemeral
Port, and for Win2K is in the range of 1024 to 5000.  Opening all
ports, even if only to one destination, is not the best thing to do.

You could roll the dice and select an even smaller range, say 1024 to
3000, since the mechanism for selecting ports is pretty simple and it
is unlikely that a normal desktop user will have enough established
connections to run all the way up into the 5000's.

-Ds
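To illustrate the point made in this reply, here is an added example (not code from anyone in the thread) that evaluates three candidate ACL-style rule sets for inbound RDP against connection attempts whose source ports are drawn from the Win2K ephemeral range. The `Rule` class, the first-match-permit evaluation and the constructed sample attempts are all assumptions made for the example.

```python
# Added example: models source/destination port filtering for RDP (TCP 3389)
# and shows why the rule must allow the client's ephemeral source-port range
# rather than a fixed source port of 3389.
import random
from dataclasses import dataclass

RDP_PORT = 3389
WIN2K_EPHEMERAL = (1024, 5000)  # ephemeral range for Win2K as stated in the thread


@dataclass(frozen=True)
class Rule:
    """One permit entry: a TCP source-port range and a single destination port."""
    src_lo: int
    src_hi: int
    dst_port: int

    def matches(self, src_port: int, dst_port: int) -> bool:
        return self.src_lo <= src_port <= self.src_hi and dst_port == self.dst_port


def permitted(rules, src_port: int, dst_port: int) -> bool:
    """ACL-style evaluation: permit on first matching rule, implicit deny otherwise."""
    return any(r.matches(src_port, dst_port) for r in rules)


def count_permitted(rules, attempts) -> int:
    """Number of (src_port, dst_port) attempts the rule set lets through."""
    return sum(1 for s, d in attempts if permitted(rules, s, d))


def win2k_attempts(n: int, seed: int = 1):
    """Constructed sample: n RDP connection attempts with Win2K-style ephemeral source ports."""
    rng = random.Random(seed)
    lo, hi = WIN2K_EPHEMERAL
    return [(rng.randint(lo, hi), RDP_PORT) for _ in range(n)]


# The three rule sets discussed in the thread (hypothetical names)
RULES_SRC_3389 = [Rule(RDP_PORT, RDP_PORT, RDP_PORT)]  # filters on source port 3389 too
RULES_ANY_SRC = [Rule(1, 65535, RDP_PORT)]            # source range 1-65535
RULES_EPHEMERAL = [Rule(1024, 5000, RDP_PORT)]        # narrowed to the Win2K ephemeral range

if __name__ == "__main__":
    attempts = win2k_attempts(1000)
    for name, rules in [("src 3389", RULES_SRC_3389), ("src 1-65535", RULES_ANY_SRC),
                        ("src 1024-5000", RULES_EPHEMERAL)]:
        print(f"{name:14s} permits {count_permitted(rules, attempts)}/{len(attempts)}")
```

The narrowed rule set permits every Win2K client attempt while still denying any other destination port, which is the least-privilege option the reply recommends.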




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1638&t=1598
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html