ecklesd wrote:
>
> To allow pcANYWHERE remote workstations outside a firewall to connect to
> hosts inside the firewall, you must open ports 5631 and port 5632 as you
> have done. For the remote workstation, ensure that incoming TCP connections
> are allowed from any port from 1024-5000 outside the firewall to port 5631
> inside the firewall.

Limiting the source port span to 1024--5000 is not a good idea.
Windows boxes, if left with the default settings, will indeed
use 1024--5000, inclusive, but as soon as a NATing firewall gets
involved, you'll see anything between 1024 and 65535.

Limiting the source span to 1024--5000 buys you no additional
security, since those ports are exactly the ports any attacker
will be using by default. (Unless they're sitting behind a
NATing firewall, which they likely won't be doing, as it is
an unnecessary obstacle for them.)

Regards,
Mikael Olsson

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

"Senex semper diu dormit"
_______________________________________________
Firewalls mailing list
Firewalls@lists.gnac.net
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
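The argument in the reply above, worked through as an added example that is not part of the original post: two inbound rules for TCP port 5631 are evaluated against the same set of connections, one restricting source ports to 1024-5000 and one allowing 1024-65535. The rule model, the names and the sample source ports are constructed for illustration.

```python
from dataclasses import dataclass

PCANYWHERE_TCP = 5631  # destination port named in the thread


@dataclass(frozen=True)
class Rule:
    """Simplified inbound allow rule: match on source-port range and destination port."""
    name: str
    sport_lo: int
    sport_hi: int
    dport: int = PCANYWHERE_TCP

    def permits(self, sport: int, dport: int) -> bool:
        return dport == self.dport and self.sport_lo <= sport <= self.sport_hi


# Constructed sample connections: (description, source port seen at the firewall, wanted?)
SAMPLES = [
    ("Windows client, default ephemeral range", 1029, True),
    ("Windows client, top of default range", 5000, True),
    ("client behind a NATing firewall", 40211, True),
    ("client behind a NATing firewall", 61034, True),
    ("unwanted host connecting directly, default range", 1311, False),
    ("unwanted host connecting directly, default range", 4999, False),
]

NARROW = Rule("source ports 1024-5000", 1024, 5000)
WIDE = Rule("source ports 1024-65535", 1024, 65535)


def evaluate(rule: Rule) -> dict:
    """Return the source ports of wanted connections the rule drops
    and of unwanted connections the rule still admits."""
    wanted_dropped, unwanted_admitted = [], []
    for _desc, sport, wanted in SAMPLES:
        allowed = rule.permits(sport, PCANYWHERE_TCP)
        if wanted and not allowed:
            wanted_dropped.append(sport)
        elif not wanted and allowed:
            unwanted_admitted.append(sport)
    return {"wanted_dropped": wanted_dropped, "unwanted_admitted": unwanted_admitted}


if __name__ == "__main__":
    for rule in (NARROW, WIDE):
        print(rule.name, evaluate(rule))
```

Both rules admit the same unwanted connections; the only difference the narrow range makes is that the NAT-translated clients are dropped.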