Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Home Server - Ports Blocked?

supermiff
Tuning in

on ‎21-10-2022 11:13

I'm a residential customer with a typical 500mbps package. My Virgin media router is set to "modem-only mode" and I use an external WiFi router.

I have forwarded ports 80 TCP & 443 TCP on my router & allowed 80/tcp & 443/tcp on the servers ufw, however, I am still having networking issues.

In order for me to troubleshoot my issue I first wanted to ensure that ports 80 & 443 were not blocked in any way by the ISP. I could potentially change the ports however, ideally, for maintenance purposes, I would prefer to use these ports if possible.

Im not a networking wizard but have a basic understanding, so any advice is hugely appreciated.

0 Kudos
12 REPLIES 12

supermiff
Tuning in
In response to legacy1

‎26-10-2022 23:18 - edited ‎26-10-2022 23:20

I have since managed to solve the issue through trial and error earlier this afternoon.

It turned out that port 80 had previously been forwarded on my router for the kids Xbox. Not sure why this was done but looking at online documentation it's recommended for establishing an open NAT.

Anyway, the second I removed 80 from the other devices ruleset, port 80 immediately opened for my server.

Not sure what the cause of this is as I'm not a networking jedi, but it was obviously causing some kind of conflict. Whether or not the Xbox still operates online, I don't know, but I'm sure I'll find out if I get my ears chewed off by the kids later in the week.

0 Kudos

Timwilky
Fibre optic
In response to supermiff

on ‎28-10-2022 13:40

Personally, I would never recommend forwarding your port 80/443 etc. These are by default used for http/https. forwarding exposes all your web server to attack on these ports.

 

Ideally you should have a reverse proxy within a DMZ to your web server. meaning that connectivity is then restricted to the proxied URLs. Your proxy being subject to tight firewall rules and armoured to provide only the services required to operate as a proxy. proxy -> Webserver rules tied down to only permit the http/https etc.

 

Hub4/Gig1-> pfSense->Microtik CRS312/CSS326/CRS305->Meshed Asus RT-AX89X
VM Network - Timwilky
0 Kudos

jongbray
Joining in
In response to Tom_W1

on ‎01-11-2023 01:37

Hi.  I came across this thread while trying to work out my external (shared) server (and only that server) has suddenly stopping being able to access any of my home servers other than 80 (if I redirect port 80 to one of those home servers they show up fine).  I'm not using modem mode, so my interest was piqued by "we do not block ports from our side....especially in modem mode".

As the server is shared I'm not responsible for what other users might do with their part of it; I'm wondering whether websafe or a similar technology could have blacklisted the server and stopped talking to it from non-standard ports?

I've looked at the router (hub 3)'s logs, but they don't seem up to the task of working out at what point the communication is suddenly failing.

0 Kudos
Top