Hey can any one tell me should i need open a port for outgoing request on http?
Well, your firewall might block outgoing connections on port 80 but this is quite rare.
So, the answer is "probably, but unlikely"
Related
The goal is to make an http request from the client browser to my server. Simple stuff; however I'm hitting a wall with the networking portion. In order to expose my server to WAN I have used one of my public IPs and NAT to translate to the private ip of my server on inbound traffic and to my public IP on outbound traffic.
The issue is that I can't make a connection. Specifically I can't get the last part of the TCP handshake. Using a test setup with Wireshark on the client and server I can see that the client send the SYN -> the server receives the SYN -> the server sends a SYN/ACK -> the client receives a SYN/ACK -> the the client send an ACK -> the server DOES NOT receive the ACK. It waits for a moment then does a retransmission. Eventually resetting.
I have tried adding various firewall rules even though I don't think it could be the firewall because the first packets make a successful round trip.
I've turned windows firewall off(the server)
I've tried disabling TCP checksum offloading
I've looked for network anti virus settings on the server and on the sonic wall(the router)
I would expect the the tcp connection to complete. I can't for the life of me think of a reason why the ACK would consistently go missing.
That is another thing. The behavior is consistent.
pings also work just fine.
NOTE: The server is actually a VM and the physical server that manages it is in my network.
Any guidance on what to try and where to look would be very much appreciated. Thanks.
UPDATE: I can make connection using port 5000(It's another port I have opened on the firewall). Port 80 still doesn't work though.
In my case this was caused by COX not allowing inbound traffic to port 80. I'm not sure why the first portions of the tcp handshake were getting through. If anyone can explain that part leave a comment.
I been implementing a packet forwarder in C, and stumbled with this interesting issue.
I noticed that if i listen on tcp port with winsock, it sends back a syn-ack when a syn is recieved. If i dont listen, its sends rst-ack to indicate that the port is closed. I wish that the port wont answer at all, because i'm sniffing directly on the interface with winpcap.
Is there any solution or workaround to my problem? I had the same problem with UDP, but of course opening the port fixed it and prevented ICMP host unreachable. Now i nedd a solution to TCP.
Thanks
If you want to forward a packet without making connection, then it's better to use iptables to desgin some rules. TCP is a reliable transmission protocol, which means if you want to receive packets(it doesn't care if you want to use it or just forward), then it must estalishes a connection with three way handshake.
I was having a doubt on how browser gets the data from website. I read these two links:
how can an application use port 80/HTTP without conflicting with browsers?
and
Port 80 blocked on my ISP so how my browser still works?
With this I understand that browser opens a local random source port and connect to port 80 of website. Now our system firewall have opened all outbound connection and blocked all incoming connection as default configuration. So how does it get back the response. Similarly how response comes back when our home routers and ISP have ports blocked.
So now, I am assuming that connection is somewhat different from response. And there must be some sort of header/information that is sent along which helps in recognizing it as response? And this helps in bypassing the ports?
My humble apologies in case I am messing up all terminologies and thanks for patience. I am beginner in this stuff. Any link towards guide will be very useful.
So how does it get back the response
Assuming you're talking about a firewall or NAT, these devices track outgoing connections, and allow replies to pass through. Connections are typically identified using Source IP + Destination IP + Source Port + Destination Port + Protocol (TCP/UDP). These connection identifiers are stored in a table in the NAT/Firewall.
If the HTTP requests are sent from ports different than port number 80, so in this situations can we identify http requests from TCP layer?
First, I'm confused about one part of the question: "...from ... port number 80...". The FROM port is always >1024 and more or less random, coming from the browser, the TO (destination) port is 80. I just guess you mean the destination port (i.e. on the server).
The easiest way is to filter for destination ports 80 and 443 (SSL). Sure, HTTP could take place to any port, but 99.9999% of HTTP communication out there is to those (standard) ports. The next step, if that is not enough, would involve packet inspection. You could not inspect SSL traffic though, so you would never catch that traffic.
if you know socket port (usually 80) on wich http-server is binded, there is no problem. scanning tcp-header for port field must solve it.
This is a network programming question. I need to block all HTTP traffic using a layer 4 firewall (i.e it can look headers only upto TCP/UDP layers ). Is this possible?
As I was searching for a more accurate answer , I got to know that even if we cannot access HTTP header, we can access HTTP message field using layer 4 firewall.
No.
You can drop all TCP port 80 and port 443 traffic, but this might include traffic that isn't HTTP. (80 and 443 are open almost everywhere, so people (ab)use them often.) It will also miss HTTP traffic that happens on non-standard ports. (People do HTTP to port 8000 or 8080 or 8088 or 8888 all the time, in part because you don't need CAP_NET_BIND to be able to use high ports, in part because the numbers are easy to remember if port 80 is already used for something else.)
You can use the incoming port (ie 80) to detect HTTP traffic.
However you can't be 100% sure that's HTTP. But since it's the common port fort HTTP, I don't think many other applications use the port 80 for their communication.
If another port is used with HTTP protocol, you won't be able to block it this way, but it's a start.