
I recently overhauled my router’s firewall rules. I erased everything and added minimal permissions for the ports that I need to be open. However, I found that Blogger was no longer able to publish to my system’s FTP server. I was able to fix it by setting my router to allow both TCP and UDP on my FTP port, where I had previously set it to only allow TCP.

Now I’m worried that other things (like HTTP/SVN/MySQL/etc.) could be incorrectly blocked because I have everything else set to block UDP—or more accurately, to only allow traffic over TCP on the specified ports.

How can I find out which protocols various web-services use? For example, if I have the router set to allow Subversion traffic on port 3690, should I allow TCP, UDP, or BOTH? What about Telnet, POP3, HTTPS, and so on?

Thanks.

Synetech
  • What sort of router you've got might be a useful bit of info, don't you think? – womble Nov 27 '09 at 07:41
  • No I do not. I am not asking for router specific help, I am asking for protocol/port help. – Synetech Nov 27 '09 at 22:54
  • The type of router/firewall could impact the steps required to allow certain protocols. That is probably why womble said it might be useful information. – sclarson Nov 30 '09 at 16:51
  • Nope, again I didn’t ask for help on using the router, I don’t care about the steps. I am asking for information on what protocol different web services use, regardless of the router. – Synetech Jun 20 '11 at 17:48
  • @Synetech, are you still looking for help with this? It's almost 2 years old and you have an accepted answer already. – Chris S Jun 20 '11 at 18:21
  • @Synetech: The point is that some routers have support for whitelisting some services and dynamically unblocking associated ports automatically (e.g. opening passive FTP ports w/o forwarding a large range of ports back to the server) or other useful functionality, so having router/OS info is useful. – afrazier Jun 20 '11 at 18:35

2 Answers


Very strange that FTP requires UDP ports. You can try to run the software that you want to check and simultaneously run "netstat -ano" in a terminal, which shows you the PIDs of processes that produce some network activity. Then find the PID of the process you want to check with "ps -aux" or Task Manager and see if it tries to connect to some port that you would not expect this software to use.

  • Thank you. That you said that FTP should not require UDP is exactly the sort of information that I am looking for. For example, I know that BitTorrent traffic could use either, so if I were to make a rule to allow traffic on a BT port, I would set BOTH, but with FTP, I now see that I *should not* need to allow UDP traffic on the FTP port. Where can I find out whether other Internet services such as HTTP, HTTPS, SMTP, etc. traffic use UDP, TCP or both? I am looking for a simple, single chart or something as opposed to reading through lots of individual RFCs. – Synetech Nov 28 '09 at 13:48
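The procedure in the answer above (run the service, run `netstat -ano`, and see which ports and transport protocols its PID actually uses) is easy to automate. The script below is an added example, not part of the original answer: it parses the Windows `netstat -ano` table (where UDP rows have no State column) from a constructed sample and reports, per PID, which local ports are bound over TCP and over UDP, and for a given port whether a firewall rule would need TCP, UDP or both. The PIDs, addresses and ports in the sample are made up.

```python
"""Map a process's sockets to the transport protocol(s) it actually uses.

Added example (not from the original answer): parses `netstat -ano` output
in the Windows layout and reports, per PID, which local ports are bound over
TCP and over UDP.  The sample output below is constructed, not captured
from a real host.
"""
from collections import defaultdict

# Constructed sample of `netstat -ano` output (PIDs and addresses are made up).
# PID 1234 plays an FTP server: control port 21 plus a passive data connection.
# PID 4444 plays a service that listens on the same port over both TCP and UDP.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1234
  TCP    192.168.1.10:21        203.0.113.5:51234      ESTABLISHED     1234
  TCP    192.168.1.10:50020     203.0.113.5:51240      ESTABLISHED     1234
  TCP    [::]:3690              [::]:0                 LISTENING       9012
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       4444
  UDP    0.0.0.0:53             *:*                                    4444
  UDP    0.0.0.0:3702           *:*                                    5678
  UDP    0.0.0.0:5353           *:*                                    5678
"""


def _local_port(addr):
    """Return the port number from 'host:port' or '[v6addr]:port'."""
    return int(addr.rsplit(":", 1)[1])


def parse_netstat(text):
    """Return {pid: {'TCP': set(ports), 'UDP': set(ports)}} from netstat text.

    Only the first (Proto), second (Local Address) and last (PID) fields are
    used, so the missing State column on UDP rows does not matter.
    """
    table = defaultdict(lambda: {"TCP": set(), "UDP": set()})
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or a row we do not understand
        proto, local, pid = fields[0], fields[1], int(fields[-1])
        table[pid][proto].add(_local_port(local))
    return dict(table)


def protocols_for_port(table, port):
    """Which transport protocols does any process use on a given local port?

    Returns 'TCP', 'UDP', 'BOTH' or None, i.e. what a firewall rule for that
    port would need to permit based on observed sockets.
    """
    seen = {proto
            for entry in table.values()
            for proto, ports in entry.items()
            if port in ports}
    if not seen:
        return None
    return "BOTH" if len(seen) == 2 else seen.pop()


def report(table):
    """Human-readable per-PID summary of bound local ports by protocol."""
    lines = []
    for pid in sorted(table):
        for proto in ("TCP", "UDP"):
            ports = sorted(table[pid][proto])
            if ports:
                lines.append(f"PID {pid}: {proto} local ports {ports}")
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE_NETSTAT)
    print(report(parsed))
    for p in (21, 53, 3690, 3702):
        print(f"port {p}: allow {protocols_for_port(parsed, p)}")
```

On Linux the same idea works with `ss -tunap` or `netstat -tunap`, but the column layout differs, so the parser would need adjusting. The point the output makes is the one from the answer: an FTP server shows only TCP sockets (port 21 plus a high data port), so a TCP-only rule is consistent with what the process actually opens, while a service that binds the same port over both transports genuinely needs both.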

Is this what you're looking for?

GregD
  • Given that the IANA recommends reserving the same port number for both the UDP and TCP protocols, even if the protocol uses just one or the other, no, I don't think that is what he is looking for. – kmarsh Nov 30 '09 at 19:11
  • Actually, you are both right (sort of). The Wikipedia list does indicate some services using TCP, others UDP, and others both, but Blogger requiring UDP to FTP (port 21) the files (even though FTP apparently should *not* need UDP) seems to indicate that **kmarsh**’s comment about the IANA may be correct. (There could be a related issue: http://serverfault.com/questions/89688/d-link-router-virtual-servers-with-0-0-0-0-ips.) – Synetech Dec 01 '09 at 04:22
  • Even the PortForward guide (http://www.portforward.com/english/routers/port_forwarding/Dlink/DI-524/FTP.htm) indicates to allow both TCP and UDP (though they could just be over-zealous). Could it be the command port (20)? – Synetech Dec 02 '09 at 16:12
  • Okay, I’ve removed UDP from the rule according to the aforementioned list. If someone decides to go and do things their own way, then that’s something that would have to be worked around (or avoided altogether). Either way, I no longer use Blogger anyway, I’ve [switched to WordPress](http://superuser.com/questions/14100/local-multiple-blog-ie-dashboard-blogging-software-as-alternative-to-blogger), so I’ve “locked it down” a bit by taking out UDP. – Synetech Jun 20 '11 at 18:12