PC Flank scan - WAN/LAN setup - questions with FTP & HTTPS ports

Discussion in 'other firewalls' started by db9, Dec 13, 2008.

    May 28, 2007
    I'm not sure what to title this thread, or if I am in the correct forum - but here goes.


    I run Tomato on a WRT54GL and I am trying to do a number of things - maybe too many things.
    1) on my LAN I have an FTP Linux box (openSUSE) with the SUSE firewall turned off - listening on port XX
    2) I have NX & VNC available on this Linux box as well - I wish to be able to connect from the WAN side
    3) I have Tomato SSH running (router) - with external port 3000 and internal port XX

    For NX/VNC - I think (correctly or incorrectly) that I am best to use PuTTY from the WAN side > connect to the router port (say port 3000, used in the PuTTY setup), then in the setup my destination is the IP address of the Linux box (LB_IP) & the VNC port 5901, using a source port of some number (say 6000).
    Then on the WAN side start a VNC connection to LB_IP:6000

    In Tomato I have (temporarily) opened 8080 and I can remotely connect to the router as a test (I will close this port later) and I have the tunnel port (3000) that directs to internal SSH port XX.
    But I did a scan with PCFlank and obviously it tells me that 8080 & 3000 are open - and when I open port 21 for FTP - this will be open from the outside as well.

    So after all that ...

    1) How exposed am I from a security point of view?
    2) What changes should I make in the way I configure - Ideally I would like to be stealth from the outside.
    3) Since I have SSH from port 3000 to internal XX should I use SSH for FTP as well? Or what is the norm for FTP security based upon different levels of paranoia.

    Thanks for the time to read..
