TransWikia.com

Opening port: basic questions

Super User Asked by StarBucK on January 16, 2021

(I’m unsure if Superuser is the appropriate site to ask this question)

I always struggle with port-forwarding and would like to understand some basic aspects:

  • I needed to open port 27015 for a dedicated server of a game, so I:
    • Forwarded port 27015 on my router to the server [192.168.xx.xx:27015]
    • Opened port 27015 in Windows Firewall
  • When I scanned the port, it was closed and Windows’ Resource Monitor also showed it closed; however, when I started my app, the port appeared open on both of these tools.

What is the principle behind port-forwarding?

  • Is it that when I open 27015 on my router, WANIP:27015 is open, but then I have to connect it from a local computer on a given port?
  • Would opening port 27030 on my computer and redirecting 27015 to 27030 have worked as well?

Why didn’t the port show it was open when the server was offline?

  • To see if a port is open, do you need the port to be open in addition to having an app listening on it?

2 Answers

opening 27030 on my computer and mapping box 27015 to local computer 27030 would have worked as well?

Yes. The server should then be set to listen on the port 27030 on the local computer (and the local firewall should be set to allow this), but a remote client should connect to the port 27015 of your external IP address.


To see if a port is open you need this port to be open IN ADDITION to have an app listening behind?

Yes. See what the documentation of nmap (a port scanning tool) says about this:

open
An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network.

closed
A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next.

There are more states recognized by nmap. The site you used may or may not tell all of them apart (e.g. maybe internally it does, but maybe it is designed to print "closed" for anything that is not open). My point is: the presence of a listening application makes a difference, so the general answer to your question is yes.

Correct answer by Kamil Maciorowski on January 16, 2021

When you 'probe' (for lack of a better term) an IP:Port basically 5 different things can happen:

  1. Nothing: The connection simply 'times out' with no response
  2. An ICMP message, of which there are several types (e.g. a redirect or port unavailable message)
  3. A connect (Syn:SynAck 3-way handshake) but nothing further from the application. [A 'hung' connection]
  4. A connect but nothing from the application other than a timeout/disconnect a little while later. [e.g. a simple telnet to a DNS server on port 53]
  5. A happy application session. :-)

Which you get depends on how far down the pathway you get.

For case #1, you have a routing or firewall problem. [Some firewalls are configured to just drop problematic packets.]

For case #2, again it's multiple choice: If the ICMP is 'port closed', either a firewall or application issue. For a 'redirect', a router in the path.

For case #3 & #4, either you (the source) are not talking the protocol your application expects or the destination application is having a problem.

Back to the OP's question: Initially, routers don't care about the destination's status. If they meet the configured requirements, they will happily set up a connection between the source and destination IP:Port as requested. That is why, even though you've set up port forwarding on your router, it still shows as 'open' if you haven't correctly configured any internal firewall or brought up the application on your inside system.

When you do, you'll hit case #5: A happy application connection.

Good Luck.

Answered by user83536 on January 16, 2021
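The difference between a forwarded or allowed port and a listening application, as an added example that is not part of either answer: a single TCP connect attempt against your own machine reports "closed" until a program calls listen() on the port, then "open". The names `probe_tcp` and `demo` are hypothetical, the labels follow the nmap states quoted above, and an ephemeral loopback port stands in for 27015.

```python
import errno
import socket


def probe_tcp(host, port, timeout=1.0):
    """Classify a TCP port from the client's side with one connect() attempt."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # handshake completed: an application is listening
    except ConnectionRefusedError:
        return "closed"        # host answered with RST: reachable, no listener
    except socket.timeout:
        return "filtered"      # no answer at all: packet dropped on the way
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"  # an ICMP unreachable message came back
        raise
    finally:
        s.close()


def demo():
    """Probe one loopback port before, during and after an app listens on it."""
    host = "127.0.0.1"
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))              # constructed: the OS picks a free port
    port = srv.getsockname()[1]
    before = probe_tcp(host, port)   # port reserved, but nothing accepts yet
    srv.listen(1)                    # the "server" is now started
    during = probe_tcp(host, port)
    srv.close()                      # the "server" is stopped again
    after = probe_tcp(host, port)
    return before, during, after


if __name__ == "__main__":
    print(demo())
```

A probe from outside the network additionally passes through the router's forwarding rule and the host firewall, so a "filtered" result there points at one of those rather than at the application.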
