Thursday, 09 December 2021

Check if your firewall is blocking outbound or destination ports

Most of the programs we use on our computers do not require us to open ports in order to work properly. A typical example is the web browser: we do not need to do anything special for it to work, because all routers use NAT, so any access from the internal network to the Internet is allowed without limitation. However, the firewall of the router or of your computer may be blocking outgoing ports, in which case you will not be able to connect to certain services on their destination ports, whether TCP or UDP. Today we are going to explain how you can easily check whether your firewall or router is blocking destination ports.

We will start by briefly explaining what a port is and which ones we most commonly open. Then we will look at what portquiz.net is and how it works, with a series of examples. Next, we will talk about netcat and how it can be used with this website, and more.

What is a TCP or UDP port

The transport layer protocols, TCP and UDP, use source and destination "ports" to communicate point-to-point between computers. We can define a port as a value used to distinguish the different services (sockets) that may be open on the same host, server or PC. It should also be noted that IANA, the Internet Assigned Numbers Authority, is the entity in charge of assigning ports.

Currently this body controls ports 0 to 1023, which are known as the well-known ports. Some examples where we need to open ports are:

  • To create an FTP server and access your files remotely. In this case you should open the FTP control port, which is normally 21.

  • To set up an SSH server on your computer so that it can be controlled remotely. Port 22 is commonly used here.

  • If you download with P2P programs like eMule or BitTorrent.

  • When we need to make a connection from the Internet to the internal local network, be it to a PC, console or server.

It is important to open ports in the NAT of our router so that services inside the NAT can be reached from the outside, but it is just as important that the firewall of the router or of the PC in question allows communication to the outside. Today's firewalls not only allow or deny access from the outside; they also allow or deny access from the internal network to the external network, or block outgoing traffic directly on the end computers.

On many occasions, if we have opened a port on the firewall of the router or PC in the inbound direction but have not done the same in the outbound direction, there will be no communication. For this reason, the most useful thing is to use an online tool called portquiz.net, which lets us check whether our firewall, router or PC allows outbound connections.

What is portquiz.net and how does it work?

The website portquiz.net offers an online tool for checking whether outbound ports are being blocked, for example by a firewall or because we have not opened them. It is a server that listens on all TCP ports, so it lets us test any outgoing TCP port from 1 to 65535.

There are two ways to use it to check whether outbound ports are being blocked:

  1. Using the web browser, entering the URL of portquiz.net followed by the port we want to check.

  2. Using the netcat command.

Before starting, note that the creator and maintainer of the portquiz.net server states that some ports cannot be used to obtain reliable results. One of the ports that we should not use is 445, because your hosting company is probably blocking it. The other ports that cannot be checked are 22 and 25, because this server uses them for real, working services. The rest of the TCP ports can be checked without any problem.

Check if you are blocking outbound ports

Checking whether you are blocking ports in the outbound direction is very simple: in the address bar of the browser, type http://portquiz.net:XXXX, replacing XXXX with the port you want to check. This way we can see whether the outbound ports are really being blocked or whether we can use them normally.

Some examples that we could use are:

  • http://portquiz.net:443

  • http://portquiz.net:8080

The first time we access portquiz.net, it checks port 80 by default, since that is the port that corresponds to the HTTP protocol for web browsing. These are the results I have obtained:

Here it tells us that we have reached this website using port 80, which means that we can use it. Below, indicated with the second red arrow, it shows the exit IP, which will normally correspond to our public IP unless a VPN is used. This is ideal for checking whether our connection goes through CG-NAT, through a proxy or through a VPN server that is blocking the outgoing ports.

On the other hand, if something is blocking the outbound ports, we would get results like these:

Telnet port 23 is closed on many routers for security, so it is normal for it to be among the ports blocked in the outbound direction. Usually the vast majority of ports show the same result as the first one above, in which we can see that we have access to the website through that port.

Check ports with portquiz and netcat

If you are checking the firewall of a server that you access only from the command line, and therefore have no web browser, you can use the netcat command instead. With netcat we can check which outgoing TCP ports are being filtered, whether by the server we are connected to, by the router or firewall in front of it, or by the Internet provider.

Using the portquiz.net server and the netcat command we could check ports using a syntax like this:
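The netcat check described above, as an added example that is not from the original article: a small POSIX shell wrapper around `nc -v -z -w` that probes portquiz.net, skips the ports the article calls unreliable (22, 25, 445), and separates an explicit refusal from a silent timeout. It assumes a netcat build that supports `-z` and `-w`; the function names, the 5-second timeout and the rejected/filtered heuristic are choices made for this example.

```shell
#!/bin/sh
# Added example: outbound TCP port check against portquiz.net using netcat.
TARGET="${TARGET:-portquiz.net}"  # from the article: listens on every TCP port
TIMEOUT="${TIMEOUT:-5}"           # seconds to wait per port (assumed default)

# Ports the article says cannot be tested reliably against portquiz.net.
is_unreliable_port() {
    case "$1" in
        22|25|445) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept only whole numbers in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# classify_result EXIT_STATUS NC_OUTPUT
# Heuristic (assumption): an explicit "refused" means something answered with
# a reset, e.g. a rejecting firewall; any other failure is a silent drop.
classify_result() {
    if [ "$1" -eq 0 ]; then echo open; return; fi
    case "$2" in
        *[Rr]efused*) echo rejected ;;
        *) echo filtered ;;
    esac
}

# probe_port PORT: prints "PORT STATE" for one outbound port.
probe_port() {
    if ! valid_port "$1"; then echo "$1 invalid"; return 2; fi
    if is_unreliable_port "$1"; then echo "$1 skipped"; return 0; fi
    command -v nc >/dev/null 2>&1 || { echo "$1 no-netcat"; return 3; }
    # -z: connect without sending data, -w: timeout, -v: report the failure reason
    out=$(LC_ALL=C nc -v -z -w "$TIMEOUT" "$TARGET" "$1" 2>&1) && status=0 || status=$?
    echo "$1 $(classify_result "$status" "$out")"
}

# Probe every port given on the command line; does nothing without arguments.
for p in "$@"; do probe_port "$p"; done
```

Run it as `sh portcheck.sh 80 443 8080 23` (the file name is hypothetical). Since portquiz.net accepts connections on every TCP port, `filtered` usually points to a firewall silently dropping the traffic and `rejected` to a device on the path actively refusing it.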

As you have seen, checking which ports are open in the outbound direction is really easy with this fast and totally free tool. The strong point of portquiz is that we can check outbound ports both via the web with a browser and from the command line with netcat, which is ideal for servers or routers that we connect to via SSH.

 

Link: https://www.redeszone.net/tutoriales/configuracion-puertos/comprobar-bloqueo-puertos-salida-firewall/
