Solved

TCPIP Ports an explanation needed please...(ISA Server)

Posted on 2003-10-23
Last Modified: 2010-04-11
OK, I roughly know what ports are... and how to open them and forward them, etc. However, I'm a bit confused about how they are assigned by applications. For example, SMTP uses port 25... so does this leave my ISP mail server on port 25 and then come into my Exchange server on port 25?

The reason I'm confused boils down to the difference between local and remote ports.

Can someone give me a good analogy that will make sense of this to me?
0
Comment
Question by:NeilDavis
7 Comments
 
LVL 4

Expert Comment

by:Wiired
ID: 9608875
Local ports are on your PC, and Remote ports are located on the destination. I may use port 80 to browse your webserver, but your ISA server may send the info back to me on port 62,000. In your example, the mail may or may not leave your ISP's port 25 (remote), but it will arrive at your port 25 (local).
I am not sure that I have explained this very well, so if someone else has a better way, please help.


0
 
LVL 4

Expert Comment

by:rbdnz
ID: 9608923
servers use well-known ports and those are published... i can dig up a link if needed.

ftp servers listen on 21
ssh service listens on 22
smtp servers listen on 25
web servers listen on 80
pop servers listen on 110
imap servers listen on 143...  for a few examples.

clients will connect to those servers on those ports.  from the client's perspective, those are the remote ports.

client connections can really have any value for the local port.  normally is 1025 or higher.

in the case of your example above, if you are running an SMTP server, then other mailservers (doesn't necessarily have to be your ISP's mailserver) will connect to you on port 25.  the connecting client (the other mailserver... which is a client in this case) can have as its local port anything.  it won't use 25 as its local port -- after all, it too is a mail server & it is waiting for incoming connections on its own port 25.

i'll stop myself at this point -- does that help at all?  if not, i can keep going....
0
 

Expert Comment

by:pheonix05
ID: 9609343
Port assignments are controlled by Internet Assigned Numbers Authority (IANA).
The current list of PORTs and the well known services that use them can be seen at http://www.iana.org/assignments/port-numbers.
0

 
LVL 3

Expert Comment

by:MaxQ
ID: 9610617
Any service that listens for incoming connections generally is going to use a well-known
port number, as people have said.  When a client initiates a conversation with that service,
their request will come from an essentially random high-numbered port on their machine.
This pair of port numbers, along with the IPs of the client and server, uniquely identifies
the conversation they're having.  This is important since they could have several sessions
going on at the same time and you wouldn't want to mix them up.  So, traffic from the
client to the server might have source port 18123 to destination port 80, and the return
traffic from the server to the client would have those ports reversed, source port 80 to
destination 18123.

And just to clarify, the distinction between client and server is mainly relative to who sits
and listens for connections (server) and who initiates them (client).  A machine could easily
be a server in some contexts and a client in others...imagine a mail server that goes out
and fetches mail from a number of mail accounts and waits for you to connect and retrieve
that mail.
0
 
LVL 2

Expert Comment

by:jlindq
ID: 9612637
Or to make things really screwed, look at the client-server model of X11.  :-)
0
 
LVL 1

Author Comment

by:NeilDavis
ID: 9613160
It's getting clearer in my head slowly.  The main reason I've been confused is due to the setting up of Proxy and ISA servers. I think some of ours are at risk because in many filter instances they are set up to allow ANY remote port... but then if some incoming applications leave at random ports then I have to do that, don't I?  I take it the IP packet(s) contain information about the port it left on and the port it wants to go to?

I'm probably confusing myself a bit.  The main example I can give is with PCanywhere.  I've been told it uses ports 5631 and 5632 for TCP and UDP, which I'm fine with.  However, if I set my filter up to local and remote fixed port it doesn't work.  I have to allow a remote ANY port and local fixed (5631 and 5632) before I can connect... is this because the application is leaving the client on a random port but when it gets to the destination server it knows to use 5631 etc.?
0
 
LVL 4

Accepted Solution

by:
rbdnz earned 125 total points
ID: 9613531
correct -- you have to allow any remote port.

you don't however have to allow any remote IP address.

among other things the TCP/IP header contains
source IP address
source port number
destination IP address
destination port number

source in your case meaning the remote side, for connecting clients.  destination being you.
0
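
An added example, not part of the original thread: it opens one TCP connection over loopback to show that each side sees the other's local port as its remote port, then evaluates three inbound filter rules against a client arriving from an ephemeral source port. The rule dictionaries, function names and sample addresses are constructed for illustration and are not ISA Server's configuration format.

```python
import ipaddress
import socket

def observe_connection():
    """Open one TCP connection over loopback; return the address pairs each side sees."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: the OS picks a port to stand in for the service port
    listener.listen(1)
    client = socket.create_connection(listener.getsockname(), timeout=5)
    server_side, _ = listener.accept()
    try:
        client_view = {"local": client.getsockname(), "remote": client.getpeername()}
        server_view = {"local": server_side.getsockname(), "remote": server_side.getpeername()}
    finally:
        for s in (client, server_side, listener):
            s.close()
    return client_view, server_view

def inbound_allowed(rule, src_ip, src_port, dst_port):
    """Evaluate one inbound filter rule; None in a field means ANY."""
    if rule["local_port"] is not None and dst_port != rule["local_port"]:
        return False
    if rule["remote_port"] is not None and src_port != rule["remote_port"]:
        return False
    if rule["remote_net"] is not None:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["remote_net"])
    return True

# Constructed rules for port 5631 from the thread (hypothetical rule format)
FIXED_BOTH = {"local_port": 5631, "remote_port": 5631, "remote_net": None}
ANY_REMOTE_PORT = {"local_port": 5631, "remote_port": None, "remote_net": None}
ANY_PORT_KNOWN_NET = {"local_port": 5631, "remote_port": None, "remote_net": "203.0.113.0/24"}

if __name__ == "__main__":
    client_view, server_view = observe_connection()
    print("client sees:", client_view)
    print("server sees:", server_view)
    # Constructed inbound packets: source port 18123 is the client's ephemeral port
    for name, rule in [("fixed/fixed", FIXED_BOTH), ("any port", ANY_REMOTE_PORT),
                       ("any port, known net", ANY_PORT_KNOWN_NET)]:
        for src_ip in ("203.0.113.10", "198.51.100.7"):
            print(name, src_ip, inbound_allowed(rule, src_ip, 18123, 5631))
```

The fixed/fixed rule rejects every client because the source port is never 5631; the last rule keeps the remote port open while limiting who can reach the listener.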
