Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Special Interests > Visual Media > Web Design and Development

Reply
 
Thread Tools Search this Thread Display Modes
Old Jul 21, 2013, 08:01 PM   #1
Calion
macrumors newbie
 
Join Date: Jan 2013
All outgoing ports are blocked

I don't see how they managed, but apparently Frontier blocks all outgoing ports. All of them, at least that I've tested (no, I didn't try thousands of ports. But I tried several ports from a wide range).

Does anyone know a way around this? I just want to be able to host my personal blog from my computer, not run a business that uses tons of bandwidth.
Calion is offline   0 Reply With Quote
Old Jul 22, 2013, 06:46 AM   #2
SrWebDeveloper
macrumors 68000
 
SrWebDeveloper's Avatar
 
Join Date: Dec 2007
Location: Alexandria, VA, USA
 
Quote:
Originally Posted by Calion View Post
I don't see how they managed, but apparently Frontier blocks all outgoing ports. All of them, at least that I've tested (no, I didn't try thousands of ports. But I tried several ports from a wide range).

Does anyone know a way around this? I just want to be able to host my personal blog from my computer, not run a business that uses tons of bandwidth.
For clarity, I assume you've got Frontier's broadband connection as an ISP to your home and not a webhosting package. If true, port blocking of this type is actually very common since most ISP's allocate shared bandwidth to customers and throttle upstream both by port blocking and capped throughput. They can't tell what kind of site you want to run nor do they care actually. It's just a global policy to discourage end users from using their bandwidth in this manner.

It's also in your best interest not to do so even if you find a port because upstream vs. downstream speed is rarely equal for consumer broadband packages vs. business packages which likely include and encourage webhosting on separate servers. So go with a cheap webhost (there are plenty of topics on this forum with suggestions) and appreciate the unlimited bandwidth, off site protection of your data (in case your computer fails) and the freed up resources on your computer. Your users will appreciate it, too, as the site will respond much faster on a professionally maintained webhosting platform. Most of the cheap webhosts also integrate domain registration so you can safely point the DNS there as well and have no worries with DHCP leased IP's which is common for residential broadband.

Other users might post solutions that involve special routing, NAT setup, services that bind dynamic IP's to hostnames, DIY webhosting -- but all of these do not improve performance which is limited due to capped/throttled share bandwidth. Just because you can does not mean you should. My .02
__________________
Jim Goldbloom
Sr. Web Developer, owner GoldTechPro, LLC
http://www.GoldTechPro.com
SrWebDeveloper is offline   0 Reply With Quote
Old Jul 22, 2013, 10:52 AM   #3
thekingofnerds
macrumors regular
 
Join Date: Jun 2013
Well... they don't block "all" outgoing ports, since you wouldn't be able to connect to any websites or even check your e-mail if that were true.

If your server doesn't work properly on ANY ports (including the high-ports used for temporary connections, like 10567), then it is possible they are inspecting all incoming headers to check for initial HTTP connection headers. If that is the case - there's nothing you can do to bypass it aside from using using a VPN or tunneling.

Aside from that - hosting anything off your personal computer that will be available publicly is always a bad idea. Web servers like Apache have been time-tested for years and years, but they still have severe vulnerabilities.

Anyone who runs a public server know all too well how often people attemtp to break in. The recent case with Apple once again proves that even multi-billion-dollar corporations can get attacked.

It isn't worth putting your personal network, let alone your personal computer, at risk. Test & dev on your local machine - but don't ever open it up to the 'net if there is anything on there you don't want to get out. This is why banks and ecommerce companies store encryption keys and databases on servers that are not directly connected to the outside.

Bots will also often scan open servers and slam them hard if they find common ports open, especially on residential IP blocks.

As SrWebDeveloper said, pay the $3-5/month and get a cheap host. Everyone will be happier.

P.S - If you really want to experience setting up a server from scratch, you can get a cheap VPS for a couple of bucks per month. They are a great way to learn, without risking your data. As a bonus, a lot of them have sick speeds that will put your home connection to shame

Last edited by thekingofnerds; Jul 22, 2013 at 11:05 AM.
thekingofnerds is offline   0 Reply With Quote
Old Jul 22, 2013, 11:06 AM   #4
Calion
Thread Starter
macrumors newbie
 
Join Date: Jan 2013
Quote:
Originally Posted by SrWebDeveloper View Post
So go with a cheap webhost (there are plenty of topics on this forum with suggestions) and appreciate the unlimited bandwidth, off site protection of your data (in case your computer fails) and the freed up resources on your computer.
Others have had a different view. I don't want to pay money to experiment with a Wordpress blog that I might get a dozen hits per day (more likely per month) on. Besides, I've found it very useful in the past (before I had Frontier) to be able to do things like ssh into my computer remotely. Also besides, I'm interested in getting into and learning about Apache, etc. Lastly, I hate it when tech defeats me! I don't know enough about tcp, ports, etc., and I don't like being foiled because I don't know enough.

However, I do appreciate your 2.

Quote:
Originally Posted by thekingofnerds View Post
Well... they don't block "all" outgoing ports, since you wouldn't be able to connect to any websites or even check your e-mail if that were true.
Actually I'm not sure what's going on. Port 21 returns "No connection could be made because the target machine actively refused it" from online port scanners, but other ports (such as 80) simply timeout. So it does seem that there should be a way around it, even though forwarding port 80 with my router to my Mac doesn't seem to fix anything.

Quote:
It isn't worth putting your personal network, let alone your personal computer, at risk. Test & dev on your local machine - but don't ever open it up to the 'net if there is anything on there you don't want to get out. This is why banks and ecommerce companies store encryption keys and databases on servers that are not directly connected to the outside.
Hm. I didn't realize that the security problem had gotten that serious.

Quote:
P.S - If you really want to experience setting up a server from scratch, you can get a cheap VPS for a couple of bucks per month. They are a great way to learn, without risking your data. As a bonus, a lot of them have sick speeds that will put your home connection to shame
Now that's an interesting idea. One of the offers is for $15/year! That may be worth it to me. Thanks for the tips.

I'd still like to figure out what the *($! is going on, though.

Last edited by robbieduncan; Jul 22, 2013 at 11:46 AM.
Calion is offline   0 Reply With Quote
Old Jul 22, 2013, 12:37 PM   #5
thekingofnerds
macrumors regular
 
Join Date: Jun 2013
Quote:
Originally Posted by Calion View Post
I'd still like to figure out what the *($! is going on, though.
Have you tried putting the server on any completely crazy ports like 2345 (with forwarding enabled from the router, of course) ?

If it doesn't work on something like that, I would bet they are definitely blocking it using packet inspection.

---

As far as a cheap VPS goes - they do come in handy. I use them all the time as testing/staging servers for clients.

If you go that route, I would just read the reviews first. Lowendbox is usually pretty good with reviews (and the deals can't be beat!) - usually it's nerds getting these things so if a service sucks they will say so
thekingofnerds is offline   0 Reply With Quote
Old Jul 22, 2013, 12:49 PM   #6
Calion
Thread Starter
macrumors newbie
 
Join Date: Jan 2013
I haven't tried moving my server ports around yet; I figured I'd mess with my router settings and see if a port checker sees anything. I guess I want to know what those timeouts mean before I start diving into Apache to figure out how to move the server around. I'm a longtime techie, but I've never looked much at the practical intricacies of TCP.
Calion is offline   0 Reply With Quote
Old Jul 23, 2013, 06:20 AM   #7
SrWebDeveloper
macrumors 68000
 
SrWebDeveloper's Avatar
 
Join Date: Dec 2007
Location: Alexandria, VA, USA
 
OP - you need to re-read what I wrote about throttling upstream bandwidth, your issue is not just about open ports. I strongly discourage you from doing what you posted in your original topic, you'll either end up with a slow site that will upset users, a non-standard port which many proxies, firewalls and routers on the Internet might block or find it's just not possible to do it by ISP policy.

The VPS mentioned earlier is an example of webhosting *the proper way* if you want control and want to learn the LAMP stack. I use one myself with root access and my own domain so I can tweak performance, install binaries on the server, use version control (GIT/GitHub.com) and so on. The whole point is move the bandwidth, server maintenance and support to a third party to free up your resources and turn your computer into a development platform and sandbox for local testing. As it should be.

You included a link about "others" who might disagree, and I am going to come right out and say it --- anyone who suggests hi-jacking an ISP and running a web site on non-standard ports just because they "can" are more times than not technical novices who very often don't understand the concepts of performance, scalability and security. If you don't care about these things, go for it. But you asked, so I suspect you do.

Had to put my foot down on this one.
__________________
Jim Goldbloom
Sr. Web Developer, owner GoldTechPro, LLC
http://www.GoldTechPro.com
SrWebDeveloper is offline   1 Reply With Quote
Old Sep 18, 2013, 12:34 PM   #8
Calion
Thread Starter
macrumors newbie
 
Join Date: Jan 2013
Okay, fair enough, but there are other reasons than web hosting to want to be able to access your computer remotely. At one time I could ssh, sftp or afp into my computer from anywhere, and that was immensely useful. Not being able to do so because of Frontier's 100% port blocking is very frustrating, and I'm still wondering if there's a way around it.
Calion is offline   0 Reply With Quote
Old Sep 19, 2013, 05:57 AM   #9
SrWebDeveloper
macrumors 68000
 
SrWebDeveloper's Avatar
 
Join Date: Dec 2007
Location: Alexandria, VA, USA
 
Quote:
Originally Posted by Calion View Post
Okay, fair enough, but there are other reasons than web hosting to want to be able to access your computer remotely. At one time I could ssh, sftp or afp into my computer from anywhere, and that was immensely useful. Not being able to do so because of Frontier's 100% port blocking is very frustrating, and I'm still wondering if there's a way around it.
I'm sure you can understand that ISP residential port blocking is commonplace, they want to 1) sell commercial packages to make more $ and 2) bandwidth and security concerns.

These days we have remote desktop, Skype, GotoMeeting and many other apps that allow remote management in the form of video, screen sharing, live desktop, etc. using software that exploit compression but on open ports. As a matter of fact, Frontier customer service often asks customers if they can remote in to work tickets.

You don't want to allow open ssh or FTP to your personal computer - most average consumers don't know diddly about compression and secure protocols, SSL/TLS and firewall configuration in the router and certification management which are all part of *proper* locking down techniques if allowed at all. And all this on Windows, the majority of Frontier's user platforms? We easily get spoiled by our Macs which are based on *nix (Debian) originally and we can install and manage all things like this more easily. But Frontiers in the context of this conversation in this topic is not about commercial or business tier webhosting or shared/colo services, it's about residential ISP. Keep that in mind, respectfully.
__________________
Jim Goldbloom
Sr. Web Developer, owner GoldTechPro, LLC
http://www.GoldTechPro.com
SrWebDeveloper is offline   0 Reply With Quote
Old Sep 20, 2013, 06:12 AM   #10
Detrius
macrumors 68000
 
Join Date: Sep 2008
Location: Asheville, NC
Quote:
Originally Posted by SrWebDeveloper View Post
We easily get spoiled by our Macs which are based on *nix (Debian) originally...
Nowadays, it officially counts as Unix, and it has nothing in common with Debian Linux. It's based on BSD, and if I remember correctly, OpenBSD, specifically.

Also, to the OP, your ISP isn't blocking all outgoing ports, as otherwise you would have no internet connection at all. What you meant to say is that they are blocking incoming ports.

If all you really want to do is write a blog, there are sites you can use to do that for free, like Google's blogger.com. It's not Wordpress, but it is a blog. The remote login can be done better nowadays with services like LogMeIn.
__________________
ACMT, ACTC, ACSA
C# w/.NET 4, Entity Framework, and T4; JavaScript; Bash; Awk; C++ w/wxWidgets and Boost; ANTLR(C), flex/bison; Objective-C; C
Detrius is offline   0 Reply With Quote
Old Sep 20, 2013, 03:54 PM   #11
SrWebDeveloper
macrumors 68000
 
SrWebDeveloper's Avatar
 
Join Date: Dec 2007
Location: Alexandria, VA, USA
 
Quote:
Originally Posted by Detrius View Post
Nowadays, it officially counts as Unix, and it has nothing in common with Debian Linux. It's based on BSD, and if I remember correctly, OpenBSD, specifically.
I stand corrected. I meant to say Darwin, and technically:

Quote:
Darwin forms the core set of components upon which OS X and iOS are based. Darwin is built around XNU, a hybrid kernel that combines the Mach 3 microkernel, various elements of BSD (including the process model, network stack, and virtual file system), and an object-oriented device driver API called I/O Kit
- Wikipedia, noting it's not always accurate as a source, but close enough for this conversation.
__________________
Jim Goldbloom
Sr. Web Developer, owner GoldTechPro, LLC
http://www.GoldTechPro.com
SrWebDeveloper is offline   1 Reply With Quote
Old Sep 21, 2013, 01:06 PM   #12
Detrius
macrumors 68000
 
Join Date: Sep 2008
Location: Asheville, NC
Quote:
Originally Posted by SrWebDeveloper View Post
I stand corrected. I meant to say Darwin, and technically:

- Wikipedia, noting it's not always accurate as a source, but close enough for this conversation.
http://en.wikipedia.org/wiki/Berkele...SD_descendants

I was slightly incorrect. It was FreeBSD, not OpenBSD, that NeXT was based on (which, in turn, OS X is based on). I always forget which of those two OS X was based on.
__________________
ACMT, ACTC, ACSA
C# w/.NET 4, Entity Framework, and T4; JavaScript; Bash; Awk; C++ w/wxWidgets and Boost; ANTLR(C), flex/bison; Objective-C; C
Detrius is offline   0 Reply With Quote
Old Sep 21, 2013, 02:16 PM   #13
SrWebDeveloper
macrumors 68000
 
SrWebDeveloper's Avatar
 
Join Date: Dec 2007
Location: Alexandria, VA, USA
 
Quote:
Originally Posted by Detrius View Post
http://en.wikipedia.org/wiki/Berkele...SD_descendants

I was slightly incorrect. It was FreeBSD, not OpenBSD, that NeXT was based on (which, in turn, OS X is based on). I always forget which of those two OS X was based on.
I know exactly what ya mean! It's all good, thanks for the reply.
__________________
Jim Goldbloom
Sr. Web Developer, owner GoldTechPro, LLC
http://www.GoldTechPro.com
SrWebDeveloper is offline   1 Reply With Quote

Reply
MacRumors Forums > Special Interests > Visual Media > Web Design and Development

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
iCloud outgoing mail down? Boyd01 iCloud and Apple Services 3 Jan 4, 2014 11:48 AM
Outgoing Email not working bhigh8 iPhone 13 Oct 10, 2013 08:49 AM
2 Different Outgoing call screens... k9buddyjoey iOS 7 2 Sep 30, 2013 10:42 AM
Outgoing Mail troubles peewee66 Mac OS X 10.7 Lion 2 Apr 13, 2013 06:12 AM
Ping works but all other ports are blocked tinytiger OS X 10.8 Mountain Lion 3 Oct 18, 2012 10:23 AM

Forum Jump

All times are GMT -5. The time now is 01:02 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC