You're quite correct. The in-bound connection will be made through any private port. This whole conversation was just some unregistered user claiming there was something that made ports 2000 & 4000 special or unblockable.

I have one disagreement though. While port 80 will never be blocked, having Gnutella clients all running on that port isn't such a good idea. First because so many are using that port for http. Second, because it would be very hard to differentiate between Gnutella servers and http servers. At least with port 5190, it's easy to tell the difference if the port is used for AIM or gnutella, and there wouldn't be a lot of false positives when scanning for hosts.

As far as FTP... Passive mode is as functional as non-passive mode, so I wouldn't suspect ISPs would be opposed to blocking anything unused above 1023.


One minor correction, the range includes 1024 as well.