I believe you need to open the ports above 1025 to initiate the outgoing connections.
I am sure someone will correct me if I am wrong :-).

This is a fairly common misconception.

You *NEVER* need to (or should!) specify in a firewall (hardware or software) that ports above 1025 need to be open.

The longer answer is that yes, ports above 1025 are used. But they are used in a way that the firewall doesn't need to be concerned about them. Each TCP/IP connection has a client side and a server side. Only the port on the server side needs to be analyzed (the one the client is connecting to), as that port helps determine what the traffic is (SMTP? DNS? HTTP?). The port on the client side has no connection to the type of traffic, and blocking any port(s) on the client side will either have [1] no effect (if the port(s) aren't ones that are used by the client, such as 5000+ by default on Windows), [2] have a seemingly random effect (blocking anywhere from about 1/10 of a percent of traffic or more, depending on how many ports are blocked), or [3] would block all traffic. None is desired by the administrator of a firewall. Therefore, every firewall should automatically allow such traffic through.

Of course, there is a *SERIOUS* drawback to opening all ports above 1025: It defeats the whole purpose of the firewall. The purpose of the firewall is to block unnecessary traffic, but now you're allowing it. That means that all of a sudden those trojan horses sitting on computers behind the firewall can be accessed by the hackers who installed them (via E-mail or web vulnerabilities, perhaps), and the hackers now have full access to your network.




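An added illustration, constructed here and not part of the thread: a minimal stateful packet filter that shows why the reply to a client's ephemeral port is accepted without any "allow ports above 1025" rule, while an unsolicited inbound packet to a high port is dropped. The IP addresses, the allowed-port policy and the `Packet`/`StatefulFirewall` names are assumptions made for the example.

```python
from dataclasses import dataclass

# Server-side ports that clients behind the firewall may reach (assumed policy).
ALLOWED_SERVER_PORTS = {25, 53, 80, 443}


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = LAN -> Internet, "in" = Internet -> LAN
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # True only on the first packet of a TCP connection


class StatefulFirewall:
    """Decides on packets using the server-side port plus a connection table."""

    def __init__(self):
        # Tracked outbound flows as (src_ip, src_port, dst_ip, dst_port).
        self.flows = set()

    def decide(self, pkt):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if pkt.direction == "out":
            if pkt.syn:
                # New connection: only the server-side (destination) port is checked.
                if pkt.dst_port not in ALLOWED_SERVER_PORTS:
                    return "DROP"
                self.flows.add(key)
                return "ACCEPT"
            return "ACCEPT" if key in self.flows else "DROP"
        # Inbound: the client's ephemeral port is never compared to a port list.
        # A packet is accepted only if it is the reverse of a tracked outbound flow.
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "ACCEPT" if reverse in self.flows else "DROP"


def simulate():
    """Constructed traffic: a web fetch, its reply, an unsolicited probe, a blocked service."""
    fw = StatefulFirewall()
    packets = [
        Packet("out", "10.0.0.5", 49152, "203.0.113.10", 80, syn=True),    # client -> web server
        Packet("in", "203.0.113.10", 80, "10.0.0.5", 49152),               # reply to port 49152
        Packet("in", "198.51.100.7", 4444, "10.0.0.5", 5000),              # unsolicited, port 5000
        Packet("out", "10.0.0.5", 49153, "203.0.113.10", 6667, syn=True),  # service not permitted
    ]
    return [fw.decide(p) for p in packets]  # ['ACCEPT', 'ACCEPT', 'DROP', 'DROP']
```

The third packet is what an "open everything above 1025" rule would let through: nothing in the connection table solicited it, so a stateful filter drops it regardless of the port number.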