I'm trying to configure a relatively secure home FTP server that will only accept connections from my work PC.
On my home network, I'm running the FTP service on a Linux (Mandriva 2005) box. In my Netgear router, I forwarded port 21 to the Linux box and created a filter rule that drops any port 21 packets NOT originating from my work IP address.
Things appeared to work well in that I could connect to the FTP server from my work PC and not from any other external PC. However, when I ran GRC's ShieldsUP test and Sygate's Security Scan from my home network, both tests showed that while my port 21 was stealthed, my port 20 was NOT stealthed (it was closed).
Why the heck is my port 20 unstealthed when port 21 is the one and only port forwarded to the Linux PC? I realize that I can create a filter rule to block unwanted port 20 traffic as well, but how is it getting through in the first place if I'm not forwarding port 20 and port 21 is stealthed? It almost seems like the Netgear router is port-forwarding 20 and 21, even though I only specified port 21. This really has me scratching my head.
Any insight would be appreciated. Thanks.