

which port should be allowed for web servers

Posted on 2007-03-17
Medium Priority
Last Modified: 2013-12-05
We have a firewall that enables us to block ports - our operating system is Win2k Server. If our customer enters in the URL box on his IE, our server calls an asp file that calls a dll file doing some calculations and sends the answer to the customer's IE again. It looks simple, but which port is to allow for receiving the customer IE order, and which port to allow for sending an answer? As we read, port 80, but how come the customer IE received a tcp problem after displaying the url name on the bottom? And what is HTTP TCP UDP, are they related to ports allowance case if we did not block UDP in some cases it works. After many testing we were able to make it work but now the server IE cannot work on the internet; we think its port is blocked, which we do not know.
Does anybody know the following:
- the Ports for get customer IE request
- the port for send an answer to customer IE
- the port to allow our server IE to access internet
- HTTP relation to TCP   UDP   ARP   ICMP
Question by:saljas

Expert Comment

ID: 18741716
Please see the link below if there is help that you need:

Author Comment

ID: 18742779
To Punky
What you suggested is to read, which we did for too long. What we are looking for is someone to say, i.e., for a user on the internet to get to a server open port so and so, and for the server to answer open the port so and so, and if you are using this and that then be aware of opening port so and so, but you should have a rule for that because so and so........

Expert Comment

ID: 18743850
Standard HTTP is TCP port 80.
All communication is done through this port.

That's all you should need; if it doesn't work, your problem is elsewhere.
HTTPS (HTTP over SSL) is 443 - however, you might not be using that.
However, the port would be 80 on your system, but on the client accessing it the port is random.

To allow your server's IE to access the internet, you will need to allow outgoing TCP on port 80/443 (again, to allow SSL as well, you need 443).
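The answer above, written out as firewall rules in the local/remote port shape the asker's firewall uses. This is an added example, not part of the original post and not 8Signs configuration syntax; the rule set, the `decide` helper and the DNS rule (which assumes the server resolves names against an outside DNS server) are assumptions for illustration.

```python
from dataclasses import dataclass

WIN2K_CLIENT = (1024, 5000)    # "1024-5000" option: ports the server's own IE connects from
ANY_CLIENT = (1024, 65535)     # "1024-65535" option: ports remote browsers connect from

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    local: tuple     # inclusive port range on the server
    remote: tuple    # inclusive port range on the other machine

# Constructed rule set (assumption). One rule covers both the request and the
# reply of a connection, because the local and remote ports do not swap.
RULES = [
    Rule("Web Server", "tcp", (80, 80), ANY_CLIENT),
    Rule("Web Browsing HTTP", "tcp", WIN2K_CLIENT, (80, 80)),
    Rule("Web Browsing HTTPS", "tcp", WIN2K_CLIENT, (443, 443)),
    # Assumption: browsing needs name lookups, which normally use UDP 53.
    Rule("DNS lookup", "udp", WIN2K_CLIENT, (53, 53)),
]

def in_range(port, rng):
    return rng[0] <= port <= rng[1]

def decide(proto, local_port, remote_port, rules=RULES):
    """Name of the first rule that matches, or 'DENY' when none does."""
    for r in rules:
        if (r.proto == proto and in_range(local_port, r.local)
                and in_range(remote_port, r.remote)):
            return r.name
    return "DENY"   # anything not listed stays closed

if __name__ == "__main__":
    samples = [
        ("tcp", 80, 51234),   # visitor's browser talking to the site
        ("tcp", 1045, 80),    # server's IE fetching a page
        ("udp", 1046, 53),    # server's IE resolving a name
        ("tcp", 445, 51234),  # file sharing from outside: no rule
    ]
    for s in samples:
        print(s, "->", decide(*s))
```
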

Expert Comment

ID: 18803911
Have you tried turning the firewall off completely and checking if the site is accessible?  Access it from outside and inside the network where the server is.  If it's accessible from inside and not outside, the problem is on your perimeter firewall.  If it is accessible from both inside and outside, the problem is with the firewall loaded on our server 2000 box.  What firewall is being used on the server?

Also, you can do a netstat -a from the command line on the server and the remote computer to see current state of all ports and more importantly, what the port numbers are.

Author Comment

ID: 18806344
The firewall is 8Signs and is working fine. Visits from outside and inside are well, but for us to configure it we depended on the principle of (try and see what happens) without knowing what is going on.   The firewall is offering the following (things) to be configured and (should) be controlled by us:
1- TCP, UDP, ICMP, ARP, RARP, MAC addresses
2- For each of them it is offering the following (services): Web Server, Web Browsing HTTP, ...etc
3- For each one of them we should set a rule of filtering which is divided into two parts, Local and Remote.
4- For each of the last two divisions it offers the following:
   a- Address must match - options - (My address, All addresses, Address Range from to, Address mask, One address, Group)
   b- Port must be - options - (one number, in the range of, any number, 1024-5000, 1024-65535, group)

What is listed before is related to setting the rule of filtering - now there is another story which is related to controlling the adapter connections.   And the final story of how to see (or understand) both stories in one integrated concept.

Thank you for your interest

Expert Comment

ID: 18806918
"Visits from outside and inside are well,..."    What does that mean exactly....

What happens when you turn the firewall off? This is an important test to see if the issue is with the local firewall or the perimeter.

What does netstat -a show?  

What does the 8Signs logfile show?  Any dropped packets at the time a user tries to access the application?

Try the above things to narrow down where the problem is.

Author Comment

ID: 18808312
All we need is to know what is going on in brief.
There are three kinds of visitors to our site:
1- people from outside of our network key in our site name in the URL box and a request to the internet provider company, forward it to our ADSL then router then 8Signs firewall (we call them outside visits)
2- people from within our internal network (inside visits)
3- a request from our web server to the site that is on the same machine (inside visits)
Now we do not have any problems with any of them, but we do not know what we did - maybe we opened something that should not be opened (like a port or FTP or whatever).

Expert Comment

ID: 18809192
So, you are wanting to see what ports are currently open on your server?  Doesn't the firewall software have that config?  Does it have a log file?  

I'm not sure what your question is.  In the original post you said:

"after many testing we were able to make it work but now the server IE cannot work on the internet we think its port is blocked which we do not know"

In your last post you said:


Do you have an issue with the firewall blocking traffic?  Or have you solved that already and now you want to know what ports are open on your server?

netstat -a will list all listening ports and connections.

Do a netstat /? to see all of the available switches associated with netstat.  There are many and will give you a lot of information.

Please clarify what your question is.
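One way to turn the `netstat` suggestion into a check for ports that were opened by accident. This is an added example, not part of the original comment: the sample output, the addresses in it and the allowed set are constructed, and it reads `netstat -an` (the `-n` switch prints port numbers instead of service names such as `http`).

```python
import re

# Constructed sample of `netstat -an` output from a Windows web server.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:80        203.0.113.7:3187       ESTABLISHED
  TCP    192.168.1.10:1045      198.51.100.20:80       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse(text):
    """Yield (proto, local_addr, local_port, remote, state) per socket line."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, remote, state = m.groups()
            yield proto, addr, int(port), remote, state or ""

def unexpected_listeners(text, allowed):
    """Sockets waiting for traffic from other machines that are not in `allowed`."""
    found = set()
    for proto, addr, port, _remote, state in parse(text):
        waiting = state == "LISTENING" or proto == "UDP"  # UDP has no state column
        reachable = not addr.startswith("127.")           # loopback is local only
        if waiting and reachable and (proto, port) not in allowed:
            found.add((proto, port))
    return sorted(found)

def visitors(text, server_port=80):
    """Remote endpoints currently connected to the web server port."""
    return [remote for proto, _addr, port, remote, state in parse(text)
            if proto == "TCP" and port == server_port and state == "ESTABLISHED"]

if __name__ == "__main__":
    # Only the web site is meant to be reachable on this box.
    print("review these:", unexpected_listeners(SAMPLE, {("TCP", 80)}))
    print("visitors on port 80:", visitors(SAMPLE))
```

`LISTENING` marks a port where a service waits for new connections; `ESTABLISHED` lines are conversations already in progress, which is where the visitor's random port shows up next to the server's port 80.
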


Author Comment

ID: 18810428
After posting the question we changed the setting and everything is working, but we do not know what we did exactly; we always try and see what happens. In fact we never know how Ports, Services (like HTTP), connections, DSL, and Adapters are related to each other!  So the main issue is to (know that), then we will be able to deal with our server in a better way.
netstat -a is telling which TCP and UDP is related to which service and its state, and is not helping much; in fact it says proto TCP local address is http which is listening (what does that mean ???)

Expert Comment

ID: 18810859
Which setting did you change exactly?  If you know what setting you changed, you should be able to determine what ports you opened.  Does the firewall software have the ability to show a running configuration that displays open ports, allowed IP's etc...

My recommendation is to close this question as being answered by yourself and open another one
to address which ports are open on your server, perhaps in the "firewall" section of Experts Exchange.
They would be better equipped to answer your new question.

Author Comment

ID: 18814517
How to delete and Refund

Expert Comment

ID: 18814860
Search and you shall find:

I recommend offering up more points for your future questions.  It tends to get others involved more.

Author Comment

ID: 18831321
We have read the link you sent; in fact this is the fourth time we read it - it says
 ( To delete the question, click the button that says Delete Question )
I can guarantee that the above mentioned button never exists.  Anyway, let's stop this and wait for someone from this site's employees to ask us to close the question.
And for the points, since we do not deal with this site every day, we do not have the sense of how many for what.
Best regards

Expert Comment

ID: 18834077
This is what is applicable to you.  You need to post it in the Community Support area of this forum and request that this question be closed since you answered it yourself.

I answered my question myself. What do I do?

Post a request in the Community Support topic area asking for a refund, and asking the Moderators to close the question; be sure to post the URL to your question. You will be required to post your solution in your original question. A Moderator will post a notice of your request which will give the participants four days to object to the refund. Note that if it resembles one of the suggested comments, the likelihood is that your request will not be granted, but rather, the points will be awarded to the Expert who makes the suggestion.

Expert Comment

ID: 18839257
All TCP unless otherwise declared:
FTP: 21
SSH: 22 (If you want to allow)
SMTP: 25
DNS: 53 (Both TCP and UDP)
HTTP: 80
POP: 110
IMAP: 143 (depends, if you give your customers IMAP service)
HTTPS: 443 ( required for secure connections)
SUBMISSION: 587 ( required by spamassassin, if you are using it)
MYSQL: 3306 ( only localhost access is enough, but you may offer remote db connections)
TOMCAT: 8080 - 8433 and JSERV: 8007 if you serve them
Some hosting systems may require additional ports to be opened
and it is required to open ephemeral ports for passive FTP connections within a pre-configured range such as 1024 through 4999(out) will bind to your FTP port21(inside)

Author Comment

ID: 18868876
To cemkaraca
Many thanks - you cleared some points, things that we are allowing:-

1- People to visit our site that is on our server
do we open the HTTP for that (port 80) ??

2- Our IT engineers to browse the internet using IE which is on the server
which port do we open for that ??

3- Our employees to visit the site that is on the server from their computers ( it seems this happens internally because it has very fast reaction )
which port do we open for that ??

4- Our employees to visit the server hard disks INTERNALLY
which port do we open for that ??
Many Thanks

Accepted Solution

cemkaraca earned 200 total points
ID: 18868946
Thank you,

1- People viewing sites through your server will connect to port 80, that is correct.

2- If you don't have any proxy connections, also outgoing port will be the same, 80

3- same as ans. 2

4- To visit hdd's internally, you must be in the same broadcast domain or connected with a VPN, I don't really suggest internal firewall, you may open all ports for inside and make your rules for the outgoing(WAN) interface.
To enable VPN: open pptp port (1723) and 4125 and GRE IP(47)
