[UFO Chicago] NAT and port filtering

Robert B. Moses robert.moses@helioslogic.com
Tue, 28 Jan 2003 10:37:32 -0600

This isn't strictly a free OS question ... rather a TCP/IP question (and 
i feel it is a "stupid" one as well..sorry)

I'm having a brain misfire on TCP/IP port filtering (as a poor man's 
firewall. I know that filtering only is not a great substitute for 
Stateful Packet Inspection but it will have to do.)

I need 3 boxes connected to a Netgear router doing NAT and filtering.
None of these boxes run any servers/services...they are simply client 
machies that want to browse the WWW and POP off their email. Easy.
1/2 my mind says "well since you don't need any inbound connections you 
can drop ALL inbound traffic"
the other 1/2 says "don't be stupid, you have to allow the client 
initiated requests to come back via whatever port it started at..."

I haven't done this in a while but something doesn't seem right with my 
reasoning......any elucidation out there? ;-0
Would blocking/dropping inbound connections 0-1024 be sufficient?

/me grumbles about "Tea-See-Pee/Eye-Pee" mumbo jumbo

Robert B. Moses
1300 W. Eddy St., Unit 2
Chicago, IL  60657