PC Flank scan - WAN/LAN setup - questions with FTP & HTTPS ports

Discussion in 'other firewalls' started by db9, Dec 13, 2008.

Thread Status:
Not open for further replies.
  1. db9

    db9 Registered Member

    Joined:
    May 28, 2007
    Posts:
    14
    I'm not sure what to title this thread, or if I am in the correct forum - but here goes.

    NEEWBIE ALERT :D


    I run Tomato on a WRT54GL and I am trying to do a number of things - maybe to many things.
    1) on my LAN I have a FTP Linux box (opensuse) with the suse firewall turned off - listening on port XX
    2) I have NX & VNC available on this Linux box as well - I wish to be able to connect from the WAN side
    3) I have Tomato SSH running (router) - with external port 3000 and internal port XX

    For NX/VNC - I think (correctly or incorrectly) that I am best to use Putty from the WAN side >connect to the router port (say port 3000, used in the putty setup) then in the setup my destination in the IP address of the Linux box (LB_IP) & the VNC port 5901 using a source port of some number (say 6000)
    Then on the WAN side start a VNC connection to LB_IP:6000


    In Tomato I have (temporarily) opened 8080 and I can remotely connect to the router as a test (I will close this port later) and I have the tunnel port (3000) that directs to internal SSH port XX.
    But I did a scan with PCFlank and obviously it tells me that 8080 & 3000 are open - and when I open port 21 for FTP - this will be open from the outside as well.

    S after all that ...

    1) How exposed am I from a security point of view?
    2) What changes should I make in the way I configure - Ideally I would like to be stealth from the outside.
    3) Since I have SSH from port 3000 to internal XX should I use SSH for FTP as well? Or what is the norm for FTP security based upon different levels of paranoia.

    Thanks for the time to read..
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.