Jacques B. wrote:
> On Sun, Mar 2, 2008 at 2:00 AM, Arthur Pemberton <pemboa@xxxxxxxxx> wrote:
> > On Sat, Mar 1, 2008 at 1:04 PM, Bob Goodwin <bobgoodwin@xxxxxxxxxxxx> wrote:
> >> Ports 995 and 587 had to be opened in the firewall and there was some
> >> resubscribing stuff peculiar to the ISP required. The user name had to
> >> have @wildblue.net appended to it, etc.
> >
> > You generally don't need to open ports to send email. Do you open port
> > 80 to browse the internet?
>
> Absolutely correct, unless the OP has a firewall rule that only allows
> incoming traffic originating from select ports (would be unusual for
> the average person and not something I've done, but I can't see why
> you couldn't have a rule that only allowed traffic originating from
> port 80 into the network for example to prevent kids from using IRC,
> gaming, P2P or IM applications, outside of those web based IM clients
> designed to get around such limitations).
>
> But outside of that scenario Arthur is correct. Your system is
> initiating an outgoing connection on a high port (above 1023) with a
> server on their port (port 80, port 993, port 22, whatever). So when
> that traffic is coming back in, it's a stateful connection (you've
> initiated it, it's not being initiated by the outside) so it will come
> back through no problem on typical firewall setups as it's coming from
> port 993, port 80, etc, but connecting to that high port on your PC on
> which the original connection went out on. Typically you find
> yourself having to open ports on your firewall if you are hosting a
> service (i.e. web server) to allow incoming connections to that port
> on your computer vs you going out on a high port to connect to that
> service port on another computer.
>
> Jacques B

Firestarter outbound traffic is set to "restrictive by default" and
when it blocks a function I need I open that port. That seemed like
a conservative approach to me; am I wrong?
Bob Goodwin
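
The two behaviours discussed in this thread, as an added toy model that is not part of any poster's message and is not Firestarter's code: a restrictive outbound policy drops new connections to ports 995 and 587 until they are allowed, while replies come back in only because they match a tracked connection. The class, field names and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = local host -> Internet, "in" = Internet -> local host
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class StatefulFirewall:
    allowed_out_ports: set = field(default_factory=set)  # dst ports allowed for NEW outbound
    open_in_ports: set = field(default_factory=set)      # locally hosted services
    conntrack: set = field(default_factory=set)          # (local ip, port, remote ip, port)

    def filter(self, p: Packet) -> str:
        if p.direction == "out":
            key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
            if key in self.conntrack:
                return "ACCEPT (established)"
            # Restrictive outbound policy: new connections need an explicit allow.
            if p.dst_port not in self.allowed_out_ports:
                return "DROP (outbound policy)"
            self.conntrack.add(key)
            return "ACCEPT (new)"
        # Inbound: a reply carries the tracked tuple with source and destination swapped.
        key = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if key in self.conntrack:
            return "ACCEPT (established)"
        # Only a hosted service needs an inbound port opened.
        if p.dst_port in self.open_in_ports:
            self.conntrack.add(key)
            return "ACCEPT (new)"
        return "DROP (inbound policy)"

def demo():
    pc, mail = "192.168.1.10", "203.0.113.25"          # constructed addresses
    fw = StatefulFirewall(allowed_out_ports={53, 80, 443})
    syn = Packet("out", pc, 40001, mail, 995)          # mail client connects out
    reply = Packet("in", mail, 995, pc, 40001)         # server answers
    results = [fw.filter(syn), fw.filter(reply)]       # before ports are allowed
    fw.allowed_out_ports |= {995, 587}                 # the outbound ports get opened
    results += [fw.filter(syn), fw.filter(reply)]
    # Unsolicited packet from source port 995: no tracked connection, so no entry.
    results.append(fw.filter(Packet("in", mail, 995, pc, 40002)))
    return results

if __name__ == "__main__":
    print("\n".join(demo()))
```

The last packet is dropped even though its source port is 995, because the decision rests on connection state rather than on the remote port alone.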