2

I am a web developer, and am working with a client who has a web service that is located at a specific IP/URL. Access to this is filtered by a firewall, so we need a few of our local machines and our web server to have access to the remote server. We provided IPs to all of our machines, and the client is asking which ports we need open. At this point I do not know what to say, as my knowledge of server/networking/security ends pretty much here.

Our environments are simple:

3 local development machines running ASP.NET 4.0. The remote service provides the data for the website, so we will simply be making an HTTP POST with a SOAP message and receiving a response.

Our web server is a VPS, and it will also need to be able to hit this secured IP.

My question is this:

How do I find the ports in question that need to be opened up? I suggested 80 (as I assumed this is what was necessary for web traffic), and the network admin indicated concern with open this port for traffic.

Any help is appreciated!

Evan
  • 145
  • 2
  • 5

4 Answers4

7

Port 80 is standard for HTTP traffic

Port 443 is standard for HTTPS traffic

If your application runs on these standard ports, that's what you need open. If the administrator on the other end has a problem opening them for some reason, you should ask him to explain why, because it's extremely common.

MDMarra
  • 100,734
  • 32
  • 197
  • 329
  • Thanks - he was ok with HTTPS. We are interacting with HIPAA related data, so I'm assuming thats why it was questioned. – Evan Feb 02 '12 at 16:51
3

If the URL starts with https and has no ":" number attached it is 443.

If the URL starts with http and has no ":" number attached it is 80.

If the URL has ":NUMBER" attached to it the number is the TCP-port number that needs to be open.

The firewall-admin is probably not the same person as the webserver-admin. Else he/she would know which port his web-service listens on.

Nils
  • 7,695
  • 3
  • 34
  • 73
3

TCP port 80 for http and TCP port 443 for https are standard. You can run a "netstat -an" on your server to see if the server is listening on those ports. You would see something like this:

Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:**80**            0.0.0.0:0              LISTENING

Port 80 is very common, they only concern I see your admin having is if the server was not in the DMZ, but on an inside VLAN instead.

user9517
  • 115,471
  • 20
  • 215
  • 297
NorCalAdam
  • 31
  • 1
0

One would think that the network administrator for the remote server would know what ports to open so that someone can hit his web server.

If he's whitelisting your IP addresses, that will be fairly restrictive and secure. I'm not sure what additional issue he should have with opening port 80 (or whatever ports are used by his web server).

Does he mean the outgoing ports for your connection from your IPs? That sounds unnecessarily and unusually restrictive, and, unless you have some finer control over your networking (i.e., you want to configure source NAT on the port as well as the IP), you're not going to be able to control the outgoing ports.

cjc
  • 24,916
  • 3
  • 51
  • 70