What ports do I need to forward from a NAT router?
Here's what I have so far:
FTP: 20-21
mstsc: 3397-3391
FTPS: 989-990
VPN: 1701-1723
IKE: 500; nat-t: 4500; esp: 50; ssl: 443
Do we need "private": 49151-65535?
Do we need smtp: 25 if we do NOT run an SMTP server?
Others?
It depends. Since you mentioned "from a NAT" router, I assume you are not serving any of those and just want to reach those services somewhere. In that case you do not need to forward anything. Moreover, your forwarding exposes your computer(s) to attacks. Especially RDC ports.

If I am wrong and you do have services inside and want to open them to outside users, then what you open depends on what you serve. You should not, and I repeat, you should not open ports you do not use and protect. So, you should not open the SMTP port if you do not run a mail-relay server inside.

On another note, if you serve FTP, make sure that it is handled properly by the router or use passive FTP.
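The rule in the answer above (forward only what you actually serve) can be checked mechanically by comparing the router's forwards with what is listening on the inside host. This is an added example, not part of the original answer; the `ss -tuln` output and the forward list are constructed samples, and the function names are hypothetical.

```python
# Constructed sample of `ss -tuln` output from the inside host (not real data).
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:21         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:25       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:500        0.0.0.0:*
"""

# Constructed sample of router forwards: (protocol, first port, last port).
FORWARDS = [
    ("tcp", 20, 21),
    ("tcp", 25, 25),
    ("tcp", 443, 443),
    ("tcp", 3389, 3389),  # default RDP port
    ("udp", 500, 500),
    ("udp", 4500, 4500),
]


def lan_listeners(ss_text):
    """Return {(proto, port)} for sockets reachable from the LAN."""
    found = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if addr.startswith("127.") or addr == "[::1]":
            continue  # a forward cannot reach a loopback-only service
        found.add((fields[0], int(port)))
    return found


def unused_forwards(forwards, listeners):
    """Return forwarded (proto, port) pairs with no service behind them."""
    unused = []
    for proto, first, last in forwards:
        for port in range(first, last + 1):
            if (proto, port) not in listeners:
                unused.append((proto, port))
    return sorted(unused)


if __name__ == "__main__":
    for proto, port in unused_forwards(FORWARDS, lan_listeners(SS_OUTPUT)):
        print(f"forward {proto}/{port} has no service behind it: remove it")
```

In the sample, port 25 is flagged even though a mail daemon is running, because it is bound to loopback only and the forward would lead nowhere useful.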