Opening port 8080 on Windows firewall
2014-07
Questioner
I am not sure if I am just missing a trick here and it will be something rather simple, or if I am trying to do something that just isn't going to work..
Anyway, I have an asp.net site and I am using IIS to host it. I have changed the bindings to port 8080 so IIS should be listening on this port.
When I have the bindings set to port 80, I can connect from a remote computer (ip:80) no problem (I have a rule in Windows Firewall for port 80).
So what I am doing now is, making IIS listen on port 8080 for this site, adding a rule in to Windows firewall for port 8080, and then forwarding port 8080 on my router, although it will not allow me to connect. When I check if this port is open, it tells me it is closed.
Will Windows Firewall not allow you to open individual ports, or do you have to add an application to the firewall?
I have looked all around the internet and everyone just adds the application as an exception to the firewall, I just want to allow a port to be opened and configure it in Windows Firewall.
Steven
From what little I know about networking, opening ports lets external data get sent in. But how that data is handled is entirely up to the applications running on my machine. So if I'm not running any malicious applications, there should be nothing wrong with disabling the firewall, right? Also, how do applications work when ports aren't forwarded? For example, I need to forward port TCP 6112 to host Blizzard games, but I've heard that HTTP uses port 80, but I haven't forwarded that port, yet Firefox still works. Btw I'm using Windows Vista.
JMD
Technically speaking, the only dangerous open port is one on which there is malicious software accepting connections without your knowledge. An open port in your firewall (allowing incoming connection requests) is not a threat at all if there is nothing on your side of the firewall listening for those requests.
The reality is that we all need to run multi-layered security which includes closing "unnecessary" ports so that they cannot be co-opted by malicious software. I.e. you would never knowingly install malicious software which would answer those inbound connection requests, but that's part of the social engineering aspect of malicious software: finding a way to convince people to install it so that it can find those open ports and hijack them.
In essence, opening ports isn't "bad", it's just necessary and should only be done individually on a case by case basis.
John T
HTTP uses port 80 for listening on the server side (incoming connections). You aren't hosting a web server, using Firefox to browse is different (outgoing connections). I'd keep the firewall on regardless. You're right in the aspect that an application needs to be listening, but if you download malicious software you've made that aspect even easier for the writer of the software to connect back and communicate with an IRC server for example to control your machine. Since the ports are already open, it can communicate on pretty much any one it wants with the exception of used ports.
If you're hosting a service (game server for example) you'll need to open ports for other users to connect. Since it's trusted software you have listening for connections there shouldn't be a problem. If you want to be extra cautious though, disable the port forwarding rule in the router when you're done with the server.
Peter Mortensen
Not unless you know what ports and who'll be using the ports.
Port opening is necessary if you want to do it manually, if not that's what UPnP is for. But I strongly advise against UPnP.
I'd like to think manually opening ports is safer than allowing applications do it for you.