Solved

which port should be allowed for web servers

Posted on 2007-03-17
Last Modified: 2013-12-05
We have a firewall that enables us to block ports - our operating system is Win2k Server. If our customer enters www.oursitename.com in the URL box of his IE, our server calls an ASP file that calls a DLL file, which does some calculations and sends the answer to the customer's IE again. It looks simple, but which port is to be allowed for receiving the customer's IE request, and which port is to be allowed for sending an answer? As we read, it is port 80, but how come the customer's IE received a TCP problem after displaying the URL name at the bottom? And what are HTTP, TCP and UDP; are they related to allowing ports? If we did not block UDP, in some cases it works. After many testing we were able to make it work but now the server IE cannot work on the internet we think its port is blocked which we do not know.
Does anybody know the following:
- the ports to get the customer's IE request
- the port to send an answer to the customer's IE
- the port to allow our server's IE to access the internet
- the relation of HTTP to TCP, UDP, ARP, ICMP
Question by:saljas
LVL 39

Expert Comment

by:PUNKY
ID: 18741716
Please see the link below if there is help that you need:

http://www.portforward.com/english/routers/port_forwarding/routerindex.htm
0
 

Author Comment

by:saljas
ID: 18742779
To Punky
What you suggested is to read, which we did for too long. What we are looking for is someone to say, i.e., for a user on the internet to get to a server open port so and so, and for the server to answer open port so and so, and if you are using this and that then be aware of opening port so and so, but you should have a rule for that because so and so........
saljas
0
 
LVL 3

Expert Comment

by:mattedk
ID: 18743850
Standard HTTP is TCP port 80
All communication is done through this port.

That's all you should need; if it doesn't work, your problem is elsewhere.
HTTPS (HTTP over SSL) is 443 - however, you might not be using that.
However, the port would be 80 on your system, but on the client accessing it the port is random.

To allow your server's IE to access the internet, you will need to allow outgoing TCP on port 80/443 (again, to allow SSL as well, you need 443).
0
 
LVL 5

Expert Comment

by:trarthur
ID: 18803911
Have you tried turning the firewall off completely and checking if the site is accessible?  Access it from outside and inside the network where the server is.  If it's accessible from inside and not outside, the problem is on your perimeter firewall.  If it is accessible from both inside and outside, the problem is with the firewall loaded on your Server 2000 box.  What firewall is being used on the server?

Also, you can do a netstat -a from the command line on the server and the remote computer to see current state of all ports and more importantly, what the port numbers are.
0
 

Author Comment

by:saljas
ID: 18806344
The firewall is 8Signs and is working fine. Visits from outside and inside are well, but to configure it we depended on the principle of (try and see what happens) without knowing what is going on.   The firewall is offering the following (things) to be configured and (should) be controlled by us:
1- TCP, UDP, ICMP, ARP, RARP, MAC addresses
2- For each of them it is offering the following (services): Web Server, Web Browsing HTTP, ...etc
3- For each one of them we should set a filtering rule, which is divided into two parts, Local and Remote.
4- For each of the last two divisions it offers the following:
   a- Address must match - options - (My address, All addresses, Address Range from to, Address mask, One address, Group)
   b- Port must be - options - (one number, in the range of, any number, 1024-5000, 1024-65535, group)

What is listed before is related to setting the filtering rule - now there is another story, which is related to controlling the adapter connections.   And the final story of how to see (or understand) both stories in one integrated concept.

Thank you for your interest
0
 
LVL 5

Expert Comment

by:trarthur
ID: 18806918
"Visits from outside and inside are well,..."    What does that mean exactly....

What happens when you turn the firewall off? This is an important test to see if the issue
is with the local firewall or the perimeter.  

What does netstat -a show?  

What does the 8Signs logfile show?  Any dropped packets at the time a user tries to access the application?

Try the above things to narrow down where the problem is.
0
 

Author Comment

by:saljas
ID: 18808312
THERE IS NO PROBLEM
All we need is to know what is going on in brief
There are three kinds of visitors to our site,
1- people from outside of our network key in our site name in the URL box and a request goes to the internet provider company, which forwards it to our ADSL, then router, then 8Signs firewall (we call them outside visits)
2- people from within our internal network (inside visits)
3- a request from our web server to the site that is on the same machine (inside visits)
Now we do not have any problems with any of them, but we do not know what we did - maybe we opened something that should not be opened (like a port or FTP or whatever).
0
 
LVL 5

Expert Comment

by:trarthur
ID: 18809192
So, you are wanting to see what ports are currently open on your server?  Doesn't the firewall software have that config?  Does it have a log file?  

I'm not sure what your question is.  In the original post you said:

"after many testing we were able to make it work but now the server IE cannot work on the internet we think its port is blocked which we do not know"

In your last post you said:

"THERE IS NO PROBLEM"


Do you have an issue with the firewall blocking traffic?  Or have you solved that already and now you want to know what ports are open on your server?

netstat -a will list all listening ports and connections.

Do a netstat /? to see all of the available switches associated with netstat.  There are many and will give you a lot of information.

Please clarify what your question is.

0

Author Comment

by:saljas
ID: 18810428
After posting the question we changed the setting and everything is working, but we do not know what we did exactly; we always try and see what happens. In fact we never know how Ports, Services (like HTTP), connections, DSL, and Adapters are related to each other!  So the main issue is to (know that), then we will be able to deal with our server in a better way.
netstat -a is telling which TCP and UDP are related to which service and its state, and is not helping much; in fact it says proto TCP local address is http which is listening (what does that mean ???)
0
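Reading netstat output the way trarthur suggests, as an added example that is not part of the original thread: LISTENING means a program on the server is waiting for connections on that local port, so the list of listeners is what the firewall rules have to account for. The sample output is constructed and in numeric form (`netstat -an`); the function names and the list of expected services are assumptions.

```python
# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:3412      ESTABLISHED
  TCP    192.0.2.10:1047        203.0.113.5:443        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def parse_netstat(text):
    """Return (proto, local_port, remote_port_or_None, state) for each socket line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local, remote = parts[:3]
        state = parts[3] if len(parts) > 3 else ""  # UDP lines have no State column
        rport = remote.rsplit(":", 1)[1]
        rows.append((proto, int(local.rsplit(":", 1)[1]),
                     int(rport) if rport.isdigit() else None, state))
    return rows

def listeners(rows):
    """Ports the server itself has open: TCP in LISTENING state, plus bound UDP ports."""
    return {(p, lp) for p, lp, _, st in rows if st == "LISTENING" or p == "UDP"}

def unexpected_listeners(rows, expected):
    """Open ports that are not on the list of services you meant to run."""
    return sorted(listeners(rows) - set(expected))

def connection_directions(rows):
    """Label each ESTABLISHED TCP connection as inbound (to a listening port) or outbound."""
    open_tcp = {lp for p, lp in listeners(rows) if p == "TCP"}
    return [("inbound" if lp in open_tcp else "outbound", lp, rp)
            for p, lp, rp, st in rows if p == "TCP" and st == "ESTABLISHED"]

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print(unexpected_listeners(rows, [("TCP", 80)]))  # listeners you did not plan for
    print(connection_directions(rows))                # (direction, local port, remote port)
```

Listeners reported as unexpected are the ones to check against the firewall rules: either the service is needed and gets a rule restricted to the internal network, or it is stopped.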
 
LVL 5

Expert Comment

by:trarthur
ID: 18810859
Which setting did you change exactly?  If you know what setting you changed, you should be able to determine what ports you opened.  Does the firewall software have the ability to show a running configuration that displays open ports, allowed IP's etc...

My recommendation is to close this question as being answered by yourself and open another one
to address which ports are open on your server, perhaps in the "firewall" section of Experts Exchange.
They would be better equipped to answer your new question.
0
 

Author Comment

by:saljas
ID: 18814517
How to delete and Refund
0
 
LVL 5

Expert Comment

by:trarthur
ID: 18814860
Search and you shall find:

http://www.experts-exchange.com/help.jsp#hi70

I recommend offering up more points for your future questions.  It tends to get others involved more.
0
 

Author Comment

by:saljas
ID: 18831321
We have read the link you sent, in fact this is the fourth time we read it - it says
 ( To delete the question, click the button that says Delete Question )
I can guarantee that the above mentioned button never exists.  Anyway, let's stop this and wait for someone from this site's employees to ask us to close the question.
And for the points, since we do not deal with this site every day, we do not have the sense of how many for what.
Best regards
0
 
LVL 5

Expert Comment

by:trarthur
ID: 18834077
This is what is applicable to you.  You need to post it in the Community Support area of this forum and request that this question be closed since you answered it yourself.

I answered my question myself. What do I do?

Post a request in the Community Support topic area asking for a refund, and asking the Moderators to close the question; be sure to post the URL to your question. You will be required to post your solution in your original question. A Moderator will post a notice of your request which will give the participants four days to object to the refund. Note that if it resembles one of the suggested comments, the likelihood is that your request will not be granted, but rather, the points will be awarded to the Expert who makes the suggestion.
0
 
LVL 1

Expert Comment

by:cemkaraca
ID: 18839257
All TCP unless otherwise declared:
FTP-DATA: 20
FTP: 21
SSH: 22 (If you want to allow)
SMTP: 25
DNS: 53 (Both TCP and UDP)
HTTP: 80
POP: 110
IMAP: 143 (depends, if you give your customers IMAP service)
HTTPS: 443 ( required for secure connections)
SUBMISSION: 587 ( required by spamassassin, if you are using it)
MYSQL: 3306 ( only localhost access is enough, but you may offer remote db connections)
POSTGRES: 5432
TOMCAT: 8080 - 8433 and JSERV: 8007 if you serve them
Some hosting systems may require additional ports to be opened
and it is required to open ephemeral ports for passive FTP connections within a pre-configured range such as 1024 through 4999(out) will bind to your FTP port21(inside)
0
 

Author Comment

by:saljas
ID: 18868876
To cemkaraca
Many thanks - you cleared some points. Things that we are allowing:

1- People to visit our site that is on our server
do we open HTTP for that (port 80) ??

2- Our IT engineers to browse the internet using IE which is on the server
which port do we open for that ??

3- Our employees to visit the site that is on the server from their computers (it seems this happens internally because it has very fast reaction)
which port do we open for that ??

4- Our employees to visit the server hard disks INTERNALLY
which port do we open for that ??
Many Thanks
0
 
LVL 1

Accepted Solution

by:cemkaraca (earned 50 total points)
ID: 18868946
Thank you,

1- People viewing sites through your server will connect to port 80, that is correct.

2- If you don't have any proxy connections, also outgoing port will be the same, 80

3- same as ans. 2

4- To visit hdd's internally, you must be in the same broadcast domain or connected with a VPN, I don't really suggest internal firewall, you may open all ports for inside and make your rules for the outgoing(WAN) interface.
To enable VPN: open PPTP port (1723) and 4125 and GRE IP(47)
0
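The local/remote rule shape saljas lists for the firewall, applied to the port answers in this thread, as an added example that is not part of the original thread or of the 8Signs product: a request and its answer belong to one connection, so a single rule with local port 80 covers both. The rule names, classes and packets are constructed for illustration; the port ranges are the ones quoted from the firewall's option list.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    local_ports: range   # ports on the protected server
    remote_ports: range  # ports on the machine at the other end

@dataclass(frozen=True)
class Packet:
    direction: str       # "in" (arriving at the server) or "out" (leaving it)
    proto: str
    src_port: int
    dst_port: int

# Hypothetical allow rules; anything that matches none of them is blocked.
RULES = [
    Rule("web server", "TCP", range(80, 81), range(1024, 65536)),
    Rule("web browsing http", "TCP", range(1024, 5001), range(80, 81)),
    Rule("web browsing https", "TCP", range(1024, 5001), range(443, 444)),
]

def local_remote(pkt):
    """Translate source/destination ports into the firewall's local/remote view."""
    if pkt.direction == "in":
        return pkt.dst_port, pkt.src_port
    return pkt.src_port, pkt.dst_port

def decide(pkt, rules=RULES):
    """Return the name of the first matching allow rule, or "blocked" (default deny)."""
    local, remote = local_remote(pkt)
    for rule in rules:
        if (pkt.proto == rule.proto and local in rule.local_ports
                and remote in rule.remote_ports):
            return rule.name
    return "blocked"

if __name__ == "__main__":
    for pkt in (Packet("in", "TCP", 3412, 80),     # customer's request to the site
                Packet("out", "TCP", 80, 3412),    # the server's answer, same connection
                Packet("out", "TCP", 1047, 443),   # server's own IE browsing over SSL
                Packet("in", "TCP", 3412, 445)):   # file sharing reached from outside
        print(pkt, "->", decide(pkt))
```

Because this model keeps no connection state, the browsing rules also match unsolicited inbound packets whose source port is 80 or 443; a stateful filter closes that gap by allowing only replies to connections the server started.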
