Many corporate networks are pretty locked down other than port 80 and port 443 outbound. What ports are needed to connect to Azure Analysis Services? I'm hoping the answer is 443, but I just want to double check it's not 2383. I didn't spot this in the documentation, but maybe I missed it.
Yeah, the connectivity is done using 80/443
thx
Related
I have set up a mosquitto-broker on my raspberry pi which I have running on my local network. I've tested this locally using the paho-mqtt package in python which is working, however I want to access this broker remotely (outside my local network).
From what I understand, the safest way to do this is to use TLS-authentication and configure mosquitto to listen on port 8883, rather than opening the un-encrypted 1883 port, where login credentials can be sniffed. This is where my problems start, as I suspect my ISP doesn't allow forwarding port 8883 to the (static) IP-address of my RPi. (Port wont open no matter what I try, and I've tried googling this specific issue.)
So my question is:
Is it possible to use another port than the default 1883 or 8883 (which my ISP hopefully allows to be opened) for accessing my locally hosted mosquitto-broker? For example one of the higher-valued ports, which I understand is not reserved for anything.
I'm imagining connecting to the broker by using my external IP-address with this port (xxx.xxx.xxx.xxx:yyyyy) and either tunneling this data to the 8883-port on the local network, or configuring mosquitto to listen on the selected port. Any tips on how I can solve this issue?
EDIT
Thanks for your answers! I just got off the phone with my ISP, and unfortunately they don't allow opening ANY ports because I live in a university dorm, so opening a different port won't work either. I guess using a cloud broker is the only option.
You can use any ports you want (or that your operating system will permit). MQTT uses certain ports by convention but is not restricted to using those ports. You're even welcome to encrypt on port 1883 if you want.
You'll need to do four things:
write the listener configuration directive correctly to use the port you want to use and make sure that you're listening on 0.0.0.0 in order to listen on all network interfaces, or the IP address of a specific network interface to listen on.
correctly configure encryption after the listener directive
ensure that the port you chose is accessible through any firewall your server may be running
properly configure any clients to use the port you configured and work with the encryption you configured
If you want to make it accessible over the Internet you'll need to open a port on your router as well.
If you do make it accessible over the Internet, please require authentication. Encryption won't stop strangers from connecting to your broker, it will just stop eavesdropping on them. Turn off allow_anonymous and set up some Mosquitto accounts.
i've setup a rasberry server with open media vault on board, so i'm using docker to setup multiple services such as:
pihole
plex
nextcloud
and much more
i would like to expose some of them on internet, while others only on LAN.
For internet i will use SSL from letsencrypt, while for LAN i can use a self-signed certificate.
Right now, i'm thinking to create multiple domains on two ports, one dedicated for internet and the other for lan, but... are there better alternatives (also from a security standpoint) ?
P.S.: right now i'm not considering VPN as an alternative
for the people who will read this, i solved in this way using only a nginx instance (on linuxserver swag image).
Created another server block (ports 8443)
Created a self signed certificate for the new server block
Opened on the router and port forwarded on 443 in order to expose only what i want to expose publicly using proxy-conf
Did the same for server block 8443 which is not exposed, so no port forwarding
I'm currently working my way through several basic web server examples with both .NET and also Python. Most examples seem to use 8000 or 8080 as test ports. Can anybody clarify the difference between these? Does it matter? Please advise.
It doesn't matter. In fact, 8080 is often used as a default http port for software providing http services that is not a core http Server (e.g. Apache http Server). So after a while this port is sometimes taken from software that runs on the system in a background.
8000 it seems is just another port being used by the .NET domain.
Ports below 1024 need system user permission like root or something. That is why ports in the thousands are used for software running as a normal user.
No difference. Two common ports you'll want to know the difference between 80 and 443. 80 is for insecure (HTTP) connections and the other one is for secure (HTTPS) connections, but they both are used and reserved for HTTP communication.
I'm using Java to create a client/server application that communicates using TCP. The network that the client is running on has an outbound firewall that prevents the client from connecting to the server. Is there any way/workaround to create a TCP connection through this firewall?
I have tried to use common ports that are open such as port 80, 443, and 113, however the firewall appears to drop the connection once it is made (possibly by detecting non-protocol packets).
An alternative would be to have the client software run as a Java applet hosted from an external website, however I'm not sure if the outbound firewall would still be able to block this connection.
Any help would be greatly appreciated.
Assuming that the users have internet access, and you can't telnet through port 80/443, it probably mean that the users connect through an HTTP Proxy configured in the browser.
You could try to research on various tunneling methods via an HTTP Proxy... Though, that will be a very unstable hack.
I recommend contacting the system administrator, explaining your needs, and see what he/she suggests.
You can try to communicate using http or https. By tunneling your protocol over these, it might be possible that the firewall lets your traffic through.
Which of the following ports is the best one to use for a program. I'm working on using a custom protocol still under development. I'm looking for one that will be accessible to virtually every host that is connected to the public Internet (that is, every host that can view websites can use this port). The three main options are:
port 53 UDP (DNS)
port 80 TCP (HTTP)
port 443 TCP (HTTPS)
Which of these is most widely accessible over the Internet, including all ISPs, corporate firewalls, etc.
All of those ports are used by well-known services, and you should use none of them (if your product is not a webserver or a DNS server.) DCCP Well Known ports SHOULD NOT be used without IANA registration. If your service is commercially viable or has benefits for the network as a whole, consider registering it for a lower port number: The registration procedure is defined in RFC4340, Section 19.9.
For experimental use, use a port between 1024 and 49151. Remember that even those ports should be registered with the IANA as soon as your service goes "live".
Regarding firewalls: You cannot predict if your service will be available to any network at all. Even if you use port 80, you probably will run against firewalls that do content checking.
Not port 53. Toss-up between 80 and 443. If you make your protocol look sufficiently like HTTPS that a proxy will forward it the same way, then maybe 443 is your best choice.
As all the ports you've nominated are used for particular well-specified protocols, it's a very bad idea to use these for a different protocol. There's a convention that for a well-known port, there's a corresponding protocol, and if you break this convention, then at the least you're going to cause confusion, and at worst be suspected of nefarious intentions and be blocked. Martin's answer points you in the right direction.