Source Port vs Destination Port - tcp

I am new to TCP/IP and trying hard to learn the basics. Well, I really wonder about the inbound rules and outbound rules of a firewall and the concept of source address:port, destination address:port.
For example, I am investigating port 80. I know that HTTP uses port 80. But when I try to listen to the traffic, I see that my browser doesn't use 80. As you see from the image, only destination port 80 is used, and "destination" should be the server that hosts the web pages, not my computer. And also there is no port 80 used as the source port; "source" should be my computer.
My browser uses some other ports as source and goes to server port 80. From that, I understand that port 80 of my computer is not used for HTTP; only the server computers that host the web pages use port 80. But if I close port 80 on my computer in the outbound rules, the internet doesn't work. But as I understood before from the image, port 80 is not used on my computer.
Really confused. Can anybody clarify it for me?

You are right: the communication goes from your computer (source port chosen "randomly") to a web server (destination port 80), and from the web server (source port 80) to your computer (destination port xxxxx) for the server's responses.
If you close port 80 in the outbound rules, your computer will not be able to access any web server, because this rule means that your firewall drops any packets which are sent from your computer to a destination on port 80.
EDIT
Actually, the packets you send contain parameters such as:
Your_IP, Server_IP, Source_port (xxxxx), Destination port (80)
When your firewall sees that kind of packet, it applies the outbound rules (the ones concerning the communication FROM your computer TO a web server). If your outbound rule is to close port 80 (which means to drop any packet whose destination port is 80), it is normal to see the packets you try to send to a web server getting dropped.
Closing port 80 in the outbound rules doesn't mean you close your computer's port 80. It means your firewall drops packets whose destination port is 80.
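The distinction the answer draws (an outbound rule matches the destination port of packets leaving the host, and says nothing about what the host itself listens on) is easy to see in a toy rule evaluator. The block below is an added example, not code from the original post; the addresses, the ephemeral port numbers and the rule set are constructed, and real firewalls also track connection state and check replies against inbound rules, which this stateless simulation leaves out.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed packet model: the TCP/UDP 5-tuple plus the direction in which
# the host firewall sees the packet ("out" = leaving this host, "in" = arriving).
@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str


@dataclass(frozen=True)
class Rule:
    direction: str                 # "out" or "in"
    action: str                    # "allow" or "drop"
    proto: Optional[str] = None    # None = any
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        # A field left as None is a wildcard; everything else must match exactly.
        return (
            self.direction == pkt.direction
            and (self.proto is None or self.proto == pkt.proto)
            and (self.src_port is None or self.src_port == pkt.src_port)
            and (self.dst_port is None or self.dst_port == pkt.dst_port)
        )


def decide(rules: List[Rule], pkt: Packet, default: str = "allow") -> str:
    """First matching rule wins (the common host-firewall semantics); else the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# The rule the question calls "closing port 80 in outbound rules": it keys on the
# DESTINATION port of outgoing packets, not on any port this host listens on.
RULES = [Rule(direction="out", action="drop", proto="tcp", dst_port=80)]

MY_IP = "192.0.2.10"        # constructed (documentation range)
SERVER_IP = "203.0.113.5"   # constructed (documentation range)


def http_request() -> Packet:
    # Browser picked ephemeral source port 49152; the server's port 80 is the destination.
    return Packet("tcp", MY_IP, 49152, SERVER_IP, 80, "out")


def https_request() -> Packet:
    return Packet("tcp", MY_IP, 49153, SERVER_IP, 443, "out")


def http_reply() -> Packet:
    # The server's answer: source port 80, destination is the client's ephemeral port.
    return Packet("tcp", SERVER_IP, 80, MY_IP, 49152, "in")


def inbound_to_my_port_80() -> Packet:
    # A remote client connecting to a web server running on THIS host.
    return Packet("tcp", "198.51.100.7", 51000, MY_IP, 80, "in")


if __name__ == "__main__":
    for name, pkt in [("http_request", http_request()),
                      ("https_request", https_request()),
                      ("http_reply", http_reply()),
                      ("inbound_to_my_port_80", inbound_to_my_port_80())]:
        print(f"{name:24s} -> {decide(RULES, pkt)}")
```

Only the outgoing request to destination port 80 is dropped; the HTTPS request, the server's reply (source port 80, destination port 49152) and a connection to a web server on the local host are all untouched by that single outbound rule. Blocking inbound connections to a local service would need a separate rule with `direction="in"` and `dst_port=80`.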

Related

Source vs Destination Port

For example, if I want to RDP to a remote server from my local computer, etc.,
what would be the source port and destination ports to open on the network firewall?
Can anyone also give more scenarios on the source and destination ports to open for the network firewall? Are they always the same?
On the firewall you would open the destination port (for RDP, by default it is 3389).
Source ports are randomly generated from the unregistered port range.
The source/destination port works similarly to your IP. The port you send from is the port the service will reply to. For instance, a website is simply a server listening for connections on port 80 (or 443).

Port and IP address - what does bind mean?

I read on the Ports Wikipedia page that "Ports are logical constructs which identifies a service or process". What does service or process mean here? Does it mean a protocol like HTTP, FTP, etc., or software applications which are configured to listen on that port?
When it is said that an application is listening on so-and-so, does it listen for requests to an IP address or a port, or does it listen on a combination of port and IP address? Does the application listen for a specific IP address with one or more ports bound to it, OR does it listen for a combination of IP and port?
For example, I can have an application configured for 7001 for HTTP requests and 7002 for HTTPS requests. So, would it be listening on 7001, or what?
Applications/services such as an HTTP web server or an FTP server are assigned a port to use/listen on, usually in the config of the application, and they often use a standard port. HTTP, for example, usually uses port 80.
If an app/service is listening, it listens on a port and has no relation to a specific IP address. This is because the IP address it is listening on is the IP address of the computer that the app/service is running on.
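What the operating system actually records for a listening socket is an (address, port) pair: `bind()` takes both, and a host with several addresses can run different listeners on the same port as long as the addresses differ, while the wildcard address 0.0.0.0 claims the port on every local address. The following is an added example (not code from the question or answer above) that demonstrates this with real sockets on the loopback interface; port 0 asks the OS for a free port, so nothing about the chosen port number is assumed.

```python
import socket


def listen_on(host: str, port: int = 0) -> socket.socket:
    """Create a listening TCP socket bound to host:port (port 0 = let the OS pick one)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, port))
    s.listen(5)
    return s


def try_bind(host: str, port: int) -> bool:
    """Return True if host:port can be bound right now, False if the OS refuses (address in use)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return True
    except OSError:
        return False
    finally:
        s.close()


def demo():
    """Show that a listener occupies an (address, port) pair, not a bare port number."""
    listener = listen_on("127.0.0.1")          # a specific address, OS-chosen port
    ip, port = listener.getsockname()          # what the kernel records for this socket

    same_endpoint = try_bind("127.0.0.1", port)  # exact same address:port -> refused
    wildcard = try_bind("0.0.0.0", port)         # 0.0.0.0 covers 127.0.0.1 too -> refused

    listener.close()
    after_close = try_bind("127.0.0.1", port)    # endpoint released -> bind succeeds again
    return ip, port, same_endpoint, wildcard, after_close


if __name__ == "__main__":
    ip, port, same_endpoint, wildcard, after_close = demo()
    print(f"listening endpoint: {ip}:{port}")
    print(f"rebind {ip}:{port} while listening: {same_endpoint}")
    print(f"bind 0.0.0.0:{port} while listening: {wildcard}")
    print(f"bind {ip}:{port} after close: {after_close}")
```

The practical consequence for the question: a server configured for 7001 and 7002 has two listening sockets, each identified by its own address:port pair. If it binds to 0.0.0.0 it accepts connections on any interface; if it binds to 127.0.0.1 it is reachable only from the local machine, which is a common way to keep an administrative port off the network.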

Ephemeral port numbers: Same server port after establishment?

If I have a web server running at port 80 and someone connects from a client using randomly assigned port x, then the server knows which port to reply to. However, from that time on, does the communication to the server continue on port 80 (assigned a file descriptor to socket pair ip:x), or does the server also delegate further communication onto another randomly assigned port of itself, y?
So what I am really asking is: when the server replies, does it reply with a source port of 80 for further communication?
If I have a web server running at port 80 and someone connects from a client using randomly assigned port x
At the client end.
then the server knows on what port to reply.
The server replies via the same connection it received the request on. What happens below that is up to TCP. It isn't 'knowledge' of the server application.
However, from that time on, does the communication to the server continue on port 80
Yes.
(assigned a file descriptor to socket pair ip:x)
To the socket quad {local-IP, local-port, remote-IP, remote port}.
or does the server also delegate further communication onto another randomly assigned port of itself;
No.
So what I am really asking is: when the server replies, does it reply with a source port of 80 for further communication?
Yes.

how can an application use port 80/HTTP without conflicting with browsers?

If I understand right, applications sometimes use HTTP to send messages, since using other ports is liable to cause firewall problems. But how does that work without conflicting with other applications such as web browsers? In fact, how do multiple browsers running at once not conflict? Do they all monitor the port and get notified... can you share a port in this way?
I have a feeling this is a dumb question, but not something I ever thought of before, and in other cases I've seen problems when 2 apps are configured to use the same port.
There are 2 ports: a source port (browser) and a destination port (server). The browser asks the OS for an available source port (let's say it receives 33123), then makes a socket connection to the destination port (usually 80/HTTP, 443/HTTPS).
When the web server receives the answer, it sends a response that has 80 as source port and 33123 as destination port.
So if you have 2 browsers concurrently accessing stackoverflow.com, you'd have something like this:
Firefox (localhost:33123) <-----------> stackoverflow.com (69.59.196.211:80)
Chrome (localhost:33124) <-----------> stackoverflow.com (69.59.196.211:80)
Outgoing HTTP requests don't happen on port 80. When an application requests a socket, it usually receives one at random. This is the Source port.
Port 80 is for serving HTTP content (by the server, not the client). This is the Destination port.
Each browser uses a different Source to generate requests. That way, the packets make it back to the correct application.
It is the 5-tuple of (IP protocol, local IP address, local port, remote IP address, remote port) that identifies a connection. Multiple browsers (or in fact a single browser loading multiple pages simultaneously) will each use destination port 80, but the local port (which is allocated by the O/S) is distinct in each case. Therefore there is no conflict.
Clients usually pick a port between 1024 and 65535.
It depends on the operating system how this is handled. I think Windows clients increment the value for each new connection, while Unix clients pick a random port number.
Some services rely on a static client port, like NTP (123 UDP).
A browser is a client application that you use in order to see content on a web server which is usually on a different machine.
The web server is the one listening on port 80, not the browser on the client.
You need to be careful in making the distinction between "listening on port 80" and "connecting to port 80".
When you say "applications sometimes use HTTP to send messages, since using other ports is liable to cause firewall problems", you actually mean "applications sometimes send messages to port 80".
The server is listening on port 80, and can accept multiple connections on that port.
The port 80 you're talking about here is the remote port on the server; locally, the browser opens a high port for each connection established.
Each connection has port numbers on both ends; one is called the local port, the other the remote port.
The firewall will allow traffic to the high port for the browser, because it knows that the connection has been established from your computer.
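Both of the last two questions (whether the server keeps answering from its listening port, and how several clients share that one server port without conflict) can be checked directly against the operating system rather than taken on trust. The block below is an added example, not code from any of the answers above: it starts a tiny TCP server on the loopback interface (an OS-chosen port stands in for port 80, since binding 80 needs privileges), connects two clients to it, and records the {local IP, local port, remote IP, remote port} tuple that each side sees.

```python
import socket
import threading


def demo(n_clients: int = 2):
    """Run a loopback server, connect n_clients to it, return the 4-tuples seen on both sides."""
    socket.setdefaulttimeout(5)  # safety net so a bug cannot hang the demo forever

    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: the OS picks a free port; think of it as "port 80"
    srv.listen(n_clients)
    server_port = srv.getsockname()[1]

    server_side = []             # (local_ip, local_port, remote_ip, remote_port) per accepted conn

    def serve():
        for _ in range(n_clients):
            conn, _ = srv.accept()               # one new socket per client, same listening port
            with conn:
                server_side.append(conn.getsockname() + conn.getpeername())
                conn.sendall(conn.recv(64))      # echo: the reply goes out over that same socket

    worker = threading.Thread(target=serve)
    worker.start()

    clients = [socket.create_connection(("127.0.0.1", server_port)) for _ in range(n_clients)]
    client_side = []
    for i, c in enumerate(clients):
        c.sendall(b"hello %d" % i)
        c.recv(64)
        client_side.append(c.getsockname() + c.getpeername())
        c.close()

    worker.join()
    srv.close()
    return server_port, server_side, client_side


if __name__ == "__main__":
    server_port, server_side, client_side = demo()
    print(f"server listening port: {server_port}")
    for t in server_side:
        print("server sees  local %s:%d  <->  remote %s:%d" % t)
    for t in client_side:
        print("client sees  local %s:%d  <->  remote %s:%d" % t)
```

Every accepted connection on the server side reports the listening port as its local port, so the server never moves the conversation to a second port; what distinguishes the two connections is the client's ephemeral port, and each client's tuple is the mirror image of the server's. That is also why a stateful firewall can admit the reply packets: they match an existing entry keyed on exactly this tuple.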

About Network Address Translation (NAT)?

Just curious about a particular scenario of NAT. Let's suppose we have 4 computers sharing a global IP address under the NAT. I understand that the NAT box keeps an internal record to know which computer to forward requests to. But let's say on computer #2 I'm trying to download a file. And let's say on computers #1, #3, and #4, I'm just browsing the web normally. When the browser initiates a TCP connection to get that file, how does it know which computer to give it to? I mean, each of the four computers is using port 80 to browse the web, right? How does the NAT's record distinguish which "port 80" belongs to which computer?
Each unique TCP connection on the internet is made up of four numbers - {source IP, source port, destination IP, destination port}.
A NAT gateway (GW) translates this to {GW public IP, GW-mapped port, destination IP, destination port} so the outside routers know to return packets to this particular gateway. It also keeps a mapping of these mapped ports back to source IP and port number, along the lines of {GW-mapped port -> {source IP, source port}}, which allows it to figure out what internal machine to send the response packets to.
The concept of "port 80 for HTTP" does not work like this. When a computer browses the web, only the server uses port 80, while the client uses a random port number. The server replies with the destination port provided by the client attached. Port 80 is just for knocking on the web server's door.
What the NAT does do is translate all those 4 computers' outward packets so that their source ports do not duplicate. When the NAT receives a packet, it will check if the attached destination port can be translated and translate it to the LAN if possible.
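The mapping table both answers describe is small enough to model end to end. The block below is an added example, not code from the original answers: a constructed gateway with four LAN hosts that all happen to pick the same ephemeral source port, every one of them talking to destination port 80, plus host #2's extra download. Addresses are from the documentation ranges. The mapping is keyed on the full source and destination pair (one of several behaviours real NAPT devices use; some map a source address:port to one external port regardless of destination), and connection ageing and TCP state tracking are left out.

```python
import itertools
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    """Port-translating NAT: rewrites LAN sources to (public_ip, mapped port) and back."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)     # pool of external ports to hand out
        # {(lan_ip, lan_port, dst_ip, dst_port) -> external port}
        self.outbound: Dict[Tuple[str, int, str, int], int] = {}
        # {(external port, remote_ip, remote_port) -> (lan_ip, lan_port)}
        self.inbound: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def translate_out(self, pkt: Packet) -> Packet:
        """LAN -> internet: reuse the existing mapping for this flow or allocate a new port."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        ext_port = self.outbound.get(key)
        if ext_port is None:
            ext_port = next(self._ports)
            self.outbound[key] = ext_port
            self.inbound[(ext_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, ext_port, pkt.dst_ip, pkt.dst_port)

    def translate_in(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: the reply's destination port is the mapped port; look it up or drop."""
        entry = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None                                # no flow asked for this: drop it
        lan_ip, lan_port = entry
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)


# Constructed scenario from the question: four hosts behind one public address.
LAN_HOSTS = ["192.168.1.11", "192.168.1.12", "192.168.1.13", "192.168.1.14"]
WEB_SERVER = ("203.0.113.5", 80)
FILE_SERVER = ("203.0.113.9", 80)
PUBLIC_IP = "198.51.100.1"


def demo():
    gw = NatGateway(PUBLIC_IP)
    # Worst case for the gateway: every host chose ephemeral port 50000 for its browsing.
    outbound: List[Packet] = [Packet(h, 50000, *WEB_SERVER) for h in LAN_HOSTS]
    outbound.append(Packet(LAN_HOSTS[1], 50001, *FILE_SERVER))   # host #2's file download
    translated = [gw.translate_out(p) for p in outbound]
    # Each server answers what it saw: the gateway's address and the mapped port.
    replies = [Packet(t.dst_ip, t.dst_port, t.src_ip, t.src_port) for t in translated]
    delivered = [gw.translate_in(r) for r in replies]
    # A packet nobody inside asked for (unsolicited inbound) has no mapping.
    unsolicited = gw.translate_in(Packet("203.0.113.99", 80, PUBLIC_IP, 60000))
    return gw, outbound, translated, delivered, unsolicited


if __name__ == "__main__":
    _, outbound, translated, delivered, unsolicited = demo()
    for o, t, d in zip(outbound, translated, delivered):
        print(f"{o.src_ip}:{o.src_port} -> {t.src_ip}:{t.src_port} -> {o.dst_ip}:{o.dst_port}"
              f"   reply back to {d.dst_ip}:{d.dst_port}")
    print("unsolicited inbound:", unsolicited)
```

The four "port 80" connections never collide because port 80 is only ever the destination; what the gateway has to keep unique is the external source port it substitutes, and that port is what a reply carries back as its destination. The `None` for the unsolicited packet is the same mechanism acting as a basic inbound filter: without a mapping the gateway has nowhere to send it.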
