question about ports blocking btw 2 servers

14 years 5 months ago #34767 by shens
Hi!
I'm really new at this and don't know a lot about networking, sorry for my basic knowledge...

I'm adding a feature in a website that must communicate with another website. Website A (my side) is on https, website B (3rd party) is on normal http I think. My dev machine is able to connect to website B no problem, but the live server is unable to. The live server has everything blocked and we need to get corp to open ports for us. Corp said they opened both 80 and 443 but it's still not working... What I want to know is, is it the 3rd party sending the response on 80 instead of 443 that is the problem, or are there other ports that should be opened for such a situation:

Website A must send a request to website B to get an ID through port 80, method POST. Website B sends back a response also through port 80 or 443. I'm using Wireshark with my dev machine and one thing I saw is that when website A sends to website B, the source port is a number that changes and the destination port is 80. When website B sends back to website A, it's the reverse. I read
www.firewall.cx/tcp-analysis-section-1.php
and I'm wondering, is it because website B is trying to reply with port 80, and that's why it's failing on the live server and not my dev machine?
Or is it the source port number that keeps changing and is being blocked?

Any help & explanation & suggestion are welcome!!
Thanks in advance!
14 years 5 months ago #34769 by KiLLaBeE
The issue isn't because the source port is randomizing, that's actually by design. The issue is that the codebase on the website application doesn't specify the port that the request should be sourced on, so by default, the application will use a random port greater than 1024 as the source. Then when the 3rd party vendor receives the request, it will naturally respond back to the source port (which was randomized) and the request will get blocked by the live server (since it's a locked down web server). So the fix is to specify the source port that the request should be made on (i.e.: 80 or 443) through the code.

It's most likely working fine on your dev machine because your dev machine isn't locked down. It's usual for the web server to be locked down (since it's completely public facing).

Also, if you want to confirm that ports are open, I recommend using Nmap. With the following command, it can tell you whether ports 80 and 443 are open on the destination host:

[code:1]
nmap -p80,443 www.example.com
[/code:1]

If you make the above stated change and it still fails, you may want to look into HOW the traffic from your site is being sent to the third party. Is it going through the Internet or being routed differently? I don't think this will be the issue, though.
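A connect check that can be run from the live server itself, as an added example that is not part of the original posts: it attempts one outbound TCP connection per destination port and reports whether the port answered, refused, or timed out, together with the source port the operating system assigned. The function names `probe` and `demo_local` and the throwaway listener on 127.0.0.1 are constructed for illustration; `www.example.com` is the placeholder host from the Nmap command above.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Attempt one outbound TCP connection and classify the result."""
    result = {"dest_port": port, "state": None, "source_port": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            # Source port chosen by the OS for this connection; the reply
            # packets of the same connection are addressed back to it.
            result["source_port"] = s.getsockname()[1]
            result["state"] = "open"
    except ConnectionRefusedError:
        # A reset came back: the host is reachable, nothing is listening.
        result["state"] = "closed"
    except socket.timeout:
        # No answer at all: packets are typically being dropped on the path.
        result["state"] = "filtered"
    except OSError as exc:
        # DNS failure, no route to host, and similar.
        result["state"] = "error: %s" % exc
    return result

def demo_local():
    """Constructed offline demo: probe a throwaway listener on 127.0.0.1."""
    srv = socket.socket()
    srv.settimeout(2.0)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    res = probe("127.0.0.1", port)
    conn, peer = srv.accept()           # peer[1] is the client's source port
    conn.close()
    srv.close()
    return res, peer[1]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python probe.py www.example.com
        for p in (80, 443):
            print(probe(sys.argv[1], p))
    else:
        print(demo_local())
```

A "filtered" result from the live server alongside an "open" result from the dev machine for the same destination port points at a rule on the path out of the live server rather than at website B.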
14 years 5 months ago #34795 by shens
@KiLLaBeE:
Thank you!! I'll be trying that check to see if the ports are open or not, I have a suspicion that they might not be yet...
If they are, I will try to specify the source port programmatically like you said, I'm using C#.
Yeah, my dev machine has no problem accessing anything. The web server though, I heard they even blocked ping on it! Thanks again!