July 20, 2008 02:00am pdt

1. donjohnston 4,300
2. from_exp 2,800
3. blu 2,000
3. AdriendeC 2,000
3. ckimball99 2,000
3. Melaleuca 2,000
3. jazarfinn 2,000
8. networkthug 1,500
9. kdearing 1,400
10. omarfarid 1,350
11. dalesit 1,200
11. keith_al... 1,200
13. naftalig... 1,000
13. tfowles 1,000
13. A2the6th 1,000
13. superiz 1,000

1. donjohnston 4,300
2. AdriendeC 4,000
3. BillBach 3,000
4. from_exp 2,800
5. jaredcall 2,424
6. rsivanandan 2,150
7. blu 2,000
7. Jim_Coyne 2,000
7. Melaleuca 2,000
7. jazarfinn 2,000
7. tlrjohn 2,000
7. ckimball99 2,000
7. Faulkenator 2,000
7. skaap2k 2,000
7. rakeshmi... 2,000

03.17.2007 at 03:34PM PDT, ID: 22456070 | Points: 50

	[x] Attachment Details

which port should be allowed for web servers

Zones: Computer Servers, Windows 2000 Server, Transport

We have a firewall that enable us to block ports - our operating sys is win2k server. If our customer enters in the url box www.oursitename.com on his IE, our server calls asp file that calls dll file doing some calculations and send the answer to customer IE again. It looks simple but, which port is to allow for recieving the customer IE order, and whick port to allow for sending an answer. As we read port 80 but how come the customer IE recieved tcp problem after displaying the url name on the bottom. And what is HTTP TCP UDP, are they related to ports allowance case if we did not block UDP in some cases it works. after many testing we were able to make it work but now the server IE cannot work on the internet we think its port is blocked which we do not know.
Does any body know THE FOLLOWING
- the Ports for get customer IE request
- the port for send an answer to customer IE
- the port to allow our server IE to access internet
- HTTP relation to TCP UDP ARP ICMP

Start your free trial to view this solution

Question Stats

Zone: Networking

Question Asked By: saljas

Question Asked On: 03.17.2007

Participating Experts: 4

Points: 50

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
Automotive
New Net Users
New Users

Software
Digital Music
Gaming World
Home Security

Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Displays / Monitors
Handhelds / PDAs
Components
Peripherals
Laptops/Notebooks

Servers
Misc
Apple
Embedded Hardware
Networking Hardware

Storage
Desktops
New Users

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMware
Misc
Web Development

OS
CYGWIN
Voice Recognition
Virtualization
Message Queue
Quality Assurance
Security
Firewalls

MultiMedia Applications
Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals
Devices

Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
Web Computing
WebApplications
IDS
Vulnerabilities
Email Clients
File Sharing

Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Consulting
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMware

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel
Automation

Algorithms
Game
Signal Processing
Project Management
Open Source
Database

Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Web Services

Images
Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration

WebApplications
Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Web Computing

Broadband
Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Lounge
Business Travel
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles
Automotive

Community Support

Suggestions
New to EE
New Topics
CleanUp

Announcements
General
Feedback

Input
EE Bugs

03.17.2007 at 03:43PM PDT, ID: 18741716

Rank: Master

PUNKY:

Please see the link below if there is help that you need:

http://www.portforward.com/english/routers/port_forwarding/routerindex.htm

03.18.2007 at 12:57AM PDT, ID: 18742779

saljas:

To Punky
what you suggested is to read, which we did for too long, what we are looking for is some one to say i.e. for a user on the internet to get to a server open port so and so, and for the server to answer open the port so and so, and if you are using this and that then be aware of opening port so and so, but you should have a rule for that because so and so........
saljas

03.18.2007 at 10:09AM PDT, ID: 18743850

mattedk:

Standard HTTP is TCP port 80
All communication is done through this port.

Thats all you should need, if it doesnt work - your problem is elsewhere.
HTTPS (HTTP over SSL) is 443 - however, you might not be using that.
However, the port would be 80 on your system, but on the client accessing the port is random.

To allow your server's ie to access the internet, you will need to allow outgoing tcp on port 80/443 (again, to allow ssl aswell, you need 443).

03.27.2007 at 02:54PM PDT, ID: 18803911

trarthur:

Have you tried turning the firewall off completely and checking if the site is accessible? Access it from outside and inside the network where the server is. If it's accessible from inside and not outside, the problem is on your perimeter firewall. If it accessible from both inside and outside, the problem is with the firewall loaded on our server 2000 box. What firewall is being used on the server?

Also, you can do a netstat -a from the command line on the server and the remote computer to see current state of all ports and more importantly, what the port numbers are.

03.28.2007 at 12:57AM PDT, ID: 18806344

saljas:

The fire wall is 8Signs and is working fine. Visits from outside and inside are well, but for us to configure it- we depented on the principal of- ( try and see what happens ) without knowing what is going on. The firewall is offering the following ( things ) to be configured and (should) be controlled by us:
1- TCP, UDP, ICMP, ARP, RARP, MAC addresses
2- For each of them is offering the following (services) : Web Server, Web Browsing HTTP, ...etc
3- For each one of them we should set a rule of filtering which is devided into two parts Local and Remote.
4- For each of the last two division it offers a the following:
a- Address must match - options - (My address, All addresses, Address Range from to, Address mask, One address, Group)
b- Port must be - options - (one number, in the range of, any number, 1024-5000, 1024-65535, group)

What is listed before is related to setting the rule of filtering - now there is another story which is related to controlling the addabter connections. And the final story of how to see (or understand) both stories in one integrated concept.

Thank u for ur interest

03.28.2007 at 03:45AM PDT, ID: 18806918

trarthur:

"Visits from outside and inside are well,..." What does that mean exactly....

What happens when you turn the firewall off? This is an important test to see if the issue
is with the local firewall or the perimeter.

What does netstat -a show?

What does the 8Signs logfile show? Any dropped packets at the time a user tries to access the application?

Try the above things to narrow down where the problem is.

03.28.2007 at 07:27AM PDT, ID: 18808312

saljas:

THERE IS NO PROBLEM
All we need is to know what is going on in brief
There are three kinds of visitors to our site,
1- people form outside of our network keyin our site name in the URL box and a request to the internet provider company, forward it to our ADSL then router then 8signs firewall ( we call them outside visits)
2- people from within our internal network (inside visits)
3- a request from the our web server to the site that is on the same machine (inside visits)
Now we do not have any problems with any of them, but we do not know what we did - may be we opended something that should not be opened. (like a port or FTP or what ever)

03.28.2007 at 08:56AM PDT, ID: 18809192

trarthur:

So, you are wanting to see what ports are currently open on your server? Doesn't the firewall software have that config? Does it have a log file?

I'm not sure what your question is. In the original post you said:

"after many testing we were able to make it work but now the server IE cannot work on the internet we think its port is blocked which we do not know"

In your last post you said:

"THERE IS NO PROBLEM"

Do you have an issue with the firewall blocking traffic? Or have you solved that already and now you want to know what ports are open on your server?

netstat -a will list all listening ports and connections.

Do a netstat /? to see all of the available switches associated with netstat. There are many and will give you a lot of information.

Please clarify what your question is.

03.28.2007 at 11:05AM PDT, ID: 18810428

saljas:

After posting the question we changed the setting and every thing is working, but we do not know what we did exactly, we always try and see what happens. In fact we never know how Ports, Services (like HTTP), connections, DSL, and Adabters are related to each other ! So the main isue is to (know that) then we will be able to deal with our server in a better way.
netstat -a is telling which TCP and UDP related to which service and its state, and is not helping much, infact it says porto TCP local address is http which is listining (what does that mean ???)

03.28.2007 at 12:00PM PDT, ID: 18810859

trarthur:

Which setting did you change exactly? If you know what setting you changed, you should be able to determine what ports you opened. Does the firewall software have the ability to show a running configuration that displays open ports, allowed IP's etc...

My recommendation is to close this question as being answered by yourself and open another one
to address which ports are open on your server, perhaps in the "firewall" section of Experts Exchange.
They would be better equipped to answer your new question.

03.29.2007 at 02:04AM PDT, ID: 18814517

saljas:

How to delete and Refund

03.29.2007 at 03:47AM PDT, ID: 18814860

trarthur:

Search and you shall find:

http://www.experts-exchange.com/help.jsp#hi70

I recommend offering up more points for your future questions. It tends to get others involved more.

04.01.2007 at 12:07AM PDT, ID: 18831321

saljas:

We have read the link you sent, infact this is the fourth time we read it - it says
( To delete the question, click the button that says Delete Question )
I can garantee that the above mentioned button never exsists. Any way lets stop this and wait for some one from this site employee, to ask us to close the question.
And for the points, since we do not deal with this site every day - then we do not have the sense of how many for what.
best regards

04.01.2007 at 07:15PM PDT, ID: 18834077

trarthur:

This is what is applicable to you. You need to post it in the Community Support area of this forum and request that this question be closed since you answered it your self.

I answered my question myself. What do I do?

Post a request in the ***Community Support topic area ***asking for a refund, and asking the Moderators to close the question; be sure to post the URL to your question. You will be required to post your solution in your original question. A Moderator will post a notice of your request which will give the participants four days to object to the refund. Note that if it resembles one of the suggested comments, the likelihood is that your request will not be granted, but rather, the points will be awarded to the Expert who makes the suggestion.

04.02.2007 at 01:10PM PDT, ID: 18839257

cemkaraca:

All TCP otherwise declared:
FTP-DATA: 20
FTP: 21
SSH:22 (If you want to allow)
SMTP: 25
DNS: 53 (Both TCP and UDP)
HTTP: 80
POP: 110
IMAP: 143 (depends, if you give your customers IMAP service)
HTTPS: 443 ( required for secure connections)
SUBMISSION: 587 ( required by spamassassin, if you are using it)
MYSQL: 3306 ( only localhost access is enough, but you may offer remote db connections)
POSTGRES: 5432
TOMCAT: 8080 - 8433 and JSERV: 8007 if you serve them
Some hosting systems may require additional ports to be opened
and it is required to open ephemeral ports for passive FTP connections within a pre-configured range such as 1024 through 4999(out) will bind to your FTP port21(inside)

04.07.2007 at 01:07AM PDT, ID: 18868876

saljas:

To cemkaraca
Many thanks - you cleared some points, things that we are allowing:-

1- People to visit our site that is on our server
do we open the HTTP for that (port 80) ??

2- Our IT engineers to browse the internet using IE which is on the server
which port do we open for that ??

3- Our employee to visit the site that is on the server from their computers ( it seems this happens internally because it has very fast reaction )
which port do we open for that ??

4- Our employee to visit the server hardisks INTERNALLY
which port do we open for that ??
Many Thanks

04.07.2007 at 01:56AM PDT, ID: 18868946

cemkaraca:

Thank you,

1- People viewing sites through your server will connect to port 80, that is correct.

2- If you don't have any proxy connections, also outgoing port will be the same, 80

3- same as ans. 2

4- To visit hdd's internally, you must be in the same broadcast domain or connected with a VPN, I don't really suggest internal firewall, you may open all ports for inside and make your rules for the outgoing(WAN) interface.
To enable VPN: open pptp port ( 1723) and 4125 and GRE IP(47)

20080236-EE-VQP-29