All outgoing ports are blocked

Discussion in 'Web Design and Development' started by Calion, Jul 21, 2013.

  1. macrumors newbie

    Joined:
    Jan 27, 2013
    #1
    I don't see how they managed, but apparently Frontier blocks all outgoing ports. All of them, at least that I've tested (no, I didn't try thousands of ports. But I tried several ports from a wide range).

    Does anyone know a way around this? I just want to be able to host my personal blog from my computer, not run a business that uses tons of bandwidth.
     
  2. macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #2
    For clarity, I assume you've got Frontier's broadband connection as an ISP to your home and not a webhosting package. If true, port blocking of this type is actually very common since most ISPs allocate shared bandwidth to customers and throttle upstream both by port blocking and capped throughput. They can't tell what kind of site you want to run nor do they care actually. It's just a global policy to discourage end users from using their bandwidth in this manner.

    It's also in your best interest not to do so even if you find a port because upstream vs. downstream speed is rarely equal for consumer broadband packages vs. business packages which likely include and encourage webhosting on separate servers. So go with a cheap webhost (there are plenty of topics on this forum with suggestions) and appreciate the unlimited bandwidth, off site protection of your data (in case your computer fails) and the freed up resources on your computer. Your users will appreciate it, too, as the site will respond much faster on a professionally maintained webhosting platform. Most of the cheap webhosts also integrate domain registration so you can safely point the DNS there as well and have no worries with DHCP leased IPs which is common for residential broadband.

    Other users might post solutions that involve special routing, NAT setup, services that bind dynamic IPs to hostnames, DIY webhosting -- but all of these do not improve performance which is limited due to capped/throttled shared bandwidth. Just because you can does not mean you should. My .02
     
  3. thekingofnerds, Jul 22, 2013
    Last edited: Jul 22, 2013

    macrumors regular

    Joined:
    Jun 26, 2013
    #3
    Well... they don't block "all" outgoing ports, since you wouldn't be able to connect to any websites or even check your e-mail if that were true.

    If your server doesn't work properly on ANY ports (including the high-ports used for temporary connections, like 10567), then it is possible they are inspecting all incoming headers to check for initial HTTP connection headers. If that is the case - there's nothing you can do to bypass it aside from using a VPN or tunneling.

    Aside from that - hosting anything off your personal computer that will be available publicly is always a bad idea. Web servers like Apache have been time-tested for years and years, but they still have severe vulnerabilities.

    Anyone who runs a public server knows all too well how often people attempt to break in. The recent case with Apple once again proves that even multi-billion-dollar corporations can get attacked.

    It isn't worth putting your personal network, let alone your personal computer, at risk. Test & dev on your local machine - but don't ever open it up to the 'net if there is anything on there you don't want to get out. This is why banks and ecommerce companies store encryption keys and databases on servers that are not directly connected to the outside.

    Bots will also often scan open servers and slam them hard if they find common ports open, especially on residential IP blocks.

    As SrWebDeveloper said, pay the $3-5/month and get a cheap host. Everyone will be happier.

    P.S - If you really want to experience setting up a server from scratch, you can get a cheap VPS for a couple of bucks per month. They are a great way to learn, without risking your data. As a bonus, a lot of them have sick speeds that will put your home connection to shame :)
     
  4. Calion, Jul 22, 2013
    Last edited by a moderator: Jul 22, 2013

    thread starter macrumors newbie

    Joined:
    Jan 27, 2013
    #4
    Others have had a different view. I don't want to pay money to experiment with a Wordpress blog that I might get a dozen hits per day (more likely per month) on. Besides, I've found it very useful in the past (before I had Frontier) to be able to do things like ssh into my computer remotely. Also besides, I'm interested in getting into and learning about Apache, etc. Lastly, I hate it when tech defeats me! I don't know enough about tcp, ports, etc., and I don't like being foiled because I don't know enough.

    However, I do appreciate your 2¢.

    Actually I'm not sure what's going on. Port 21 returns "No connection could be made because the target machine actively refused it" from online port scanners, but other ports (such as 80) simply timeout. So it does seem that there should be a way around it, even though forwarding port 80 with my router to my Mac doesn't seem to fix anything.

    Hm. I didn't realize that the security problem had gotten that serious.

    Now that's an interesting idea. One of the offers is for $15/year! That may be worth it to me. Thanks for the tips.

    I'd still like to figure out what the *($! is going on, though.
     
  5. macrumors regular

    Joined:
    Jun 26, 2013
    #5
    Have you tried putting the server on any completely crazy ports like 2345 (with forwarding enabled from the router, of course) ?

    If it doesn't work on something like that, I would bet they are definitely blocking it using packet inspection.

    ---

    As far as a cheap VPS goes - they do come in handy. I use them all the time as testing/staging servers for clients.

    If you go that route, I would just read the reviews first. Lowendbox is usually pretty good with reviews (and the deals can't be beat!) - usually it's nerds getting these things so if a service sucks they will say so ;)
     
  6. thread starter macrumors newbie

    Joined:
    Jan 27, 2013
    #6
    I haven't tried moving my server ports around yet; I figured I'd mess with my router settings and see if a port checker sees anything. I guess I want to know what those timeouts mean before I start diving into Apache to figure out how to move the server around. I'm a longtime techie, but I've never looked much at the practical intricacies of TCP.
     
  7. macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #7
    OP - you need to re-read what I wrote about throttling upstream bandwidth, your issue is not just about open ports. I strongly discourage you from doing what you posted in your original topic, you'll either end up with a slow site that will upset users, a non-standard port which many proxies, firewalls and routers on the Internet might block or find it's just not possible to do it by ISP policy.

    The VPS mentioned earlier is an example of webhosting *the proper way* if you want control and want to learn the LAMP stack. I use one myself with root access and my own domain so I can tweak performance, install binaries on the server, use version control (GIT/GitHub.com) and so on. The whole point is to move the bandwidth, server maintenance and support to a third party to free up your resources and turn your computer into a development platform and sandbox for local testing. As it should be.

    You included a link about "others" who might disagree, and I am going to come right out and say it --- anyone who suggests hi-jacking an ISP and running a web site on non-standard ports just because they "can" are more times than not technical novices who very often don't understand the concepts of performance, scalability and security. If you don't care about these things, go for it. But you asked, so I suspect you do.

    Had to put my foot down on this one.
     
  8. thread starter macrumors newbie

    Joined:
    Jan 27, 2013
    #8
    Okay, fair enough, but there are other reasons than web hosting to want to be able to access your computer remotely. At one time I could ssh, sftp or afp into my computer from anywhere, and that was immensely useful. Not being able to do so because of Frontier's 100% port blocking is very frustrating, and I'm still wondering if there's a way around it.
     
  9. macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #9
    I'm sure you can understand that ISP residential port blocking is commonplace, they want to 1) sell commercial packages to make more $ and 2) bandwidth and security concerns.

    These days we have remote desktop, Skype, GotoMeeting and many other apps that allow remote management in the form of video, screen sharing, live desktop, etc. using software that exploits compression but on open ports. As a matter of fact, Frontier customer service often asks customers if they can remote in to work tickets.

    You don't want to allow open ssh or FTP to your personal computer - most average consumers don't know diddly about compression and secure protocols, SSL/TLS and firewall configuration in the router and certification management which are all part of *proper* locking down techniques if allowed at all. And all this on Windows, the majority of Frontier's user platforms? We easily get spoiled by our Macs which are based on *nix (Debian) originally and we can install and manage all things like this more easily. But Frontier in the context of this conversation in this topic is not about commercial or business tier webhosting or shared/colo services, it's about residential ISP. Keep that in mind, respectfully.
     
  10. macrumors 68000

    Joined:
    Sep 10, 2008
    Location:
    Asheville, NC
    #10
    Nowadays, it officially counts as Unix, and it has nothing in common with Debian Linux. It's based on BSD, and if I remember correctly, OpenBSD, specifically.

    Also, to the OP, your ISP isn't blocking all outgoing ports, as otherwise you would have no internet connection at all. What you meant to say is that they are blocking incoming ports.

    If all you really want to do is write a blog, there are sites you can use to do that for free, like Google's blogger.com. It's not Wordpress, but it is a blog. The remote login can be done better nowadays with services like LogMeIn.
     
  11. macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #11
    I stand corrected. I meant to say Darwin, and technically:

    - Wikipedia, noting it's not always accurate as a source, but close enough for this conversation. :p
     
  12. macrumors 68000

    Joined:
    Sep 10, 2008
    Location:
    Asheville, NC
    #12
    http://en.wikipedia.org/wiki/Berkeley_Software_Distribution#Significant_BSD_descendants

    I was slightly incorrect. It was FreeBSD, not OpenBSD, that NeXT was based on (which, in turn, OS X is based on). I always forget which of those two OS X was based on.
     
  13. macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #13
