3BB closed my port 80? Looking for confirmation and options

[Lopburi99]

I went through this recently with 3BB when I setup a private cloud at home. Spent a lot of time investigating it and 3BB indeed blocks incoming 80 but 443 (SSL) was open and since I wanted my cloud access secure anyway it worked out for me. But, as mentioned, many ISPs will block incoming port 80 to prevent home users setting up a website as they are suspicious it may be commercial and cut into the traffic. Since I do not have a static IP, I use No-Ip and port forwarded on my router port 443 to my apache server. Port 80 (3BB) shows closed on all websites that have port scanners to test for open ports but 443 ok.

is your port 443 also open from abroad?

Yes, as I used several online port scanners from outside of Thailand to verify it with.

Your port 443 is open from abroad but mine isn't? Are you on the 590 bt plan?

[Tywais]

I went through this recently with 3BB when I setup a private cloud at home. Spent a lot of time investigating it and 3BB indeed blocks incoming 80 but 443 (SSL) was open and since I wanted my cloud access secure anyway it worked out for me. But, as mentioned, many ISPs will block incoming port 80 to prevent home users setting up a website as they are suspicious it may be commercial and cut into the traffic. Since I do not have a static IP, I use No-Ip and port forwarded on my router port 443 to my apache server. Port 80 (3BB) shows closed on all websites that have port scanners to test for open ports but 443 ok.

is your port 443 also open from abroad?

Yes, as I used several online port scanners from outside of Thailand to verify it with.

Your port 443 is open from abroad but mine isn't? Are you on the 590 bt plan?

13Mbps/1Mbps 950 Baht. You need to have a service running on your computer that has the ports open locally plus port forwarded from the router to the local computer for it to detect it. Plus, the firewall on the PC needs to be set to allow incoming connections on 80/443.

I run an Apache server and if I stop the service 443 shows closed. Restart the service 443 shows open. Port 80 shows closed in either case.

[Lopburi99]

I temporarily switched off my windows firewall, started my Apache2 server, checked port 443. Still closed. Maybe allowing opening 443 is a "feature" of the 950 Baht plan? Still waiting what 3BB has to say about all this.

[Tywais]

I temporarily switched off my windows firewall, started my Apache2 server, checked port 443. Still closed. Maybe allowing opening 443 is a "feature" of the 950 Baht plan? Still waiting what 3BB has to say about all this.

When you run netstat -a from cmd window (if running Windows, else sudo netstat -a for linux) does it show 80/443 Listening?

[Lopburi99]

I temporarily switched off my windows firewall, started my Apache2 server, checked port 443. Still closed. Maybe allowing opening 443 is a "feature" of the 950 Baht plan? Still waiting what 3BB has to say about all this.

When you run netstat -a from cmd window (if running Windows, else sudo netstat -a for linux) does it show 80/443 Listening?

It shows 80 listening, no mention of 443, but says 445 is listening.

Huh? Now portcheck shows 80 open? Maybe 3BB is looking into this as we speak.

[Turkleton]

You need to have a service running on your computer that has the ports open locally plus port forwarded from the router to the local computer for it to detect it. Plus, the firewall on the PC needs to be set to allow incoming connections on 80/443.

I run an Apache server and if I stop the service 443 shows closed. Restart the service 443 shows open. Port 80 shows closed in either case.

Exactly.

Without running services on these ports, they show closed.

It shows 80 listening, no mention of 443, but says 445 is listening.

Huh? Now portcheck shows 80 open? Maybe 3BB is looking into this as we speak.

If netstat doesn't show something listening on port 443, there is just no service running on this port.

Yep, I'm also sure, 3BB will looking into this on Sunday afternoon...

I bet, this is a messed up configuration on your side.

PS: On which port is the Admin Interface of your router running?

Mine is running on 80 and the port is closed by default from WAN access for security reasons.

Same could be valid for 443, if your router has some "remote configuration options" which usually use port 443.

[Lopburi99]

If I understand you correctly, my router's web configurator (Admin Interface?) opens on port 1 (192.168.1.1) - if I don't, how do I determine which port?

[Lopburi99]

You need to have a service running on your computer that has the ports open locally plus port forwarded from the router to the local computer for it to detect it. Plus, the firewall on the PC needs to be set to allow incoming connections on 80/443.

I run an Apache server and if I stop the service 443 shows closed. Restart the service 443 shows open. Port 80 shows closed in either case.

Exactly.

Without running services on these ports, they show closed.

This was my situation. Didn't know my server had to be running on the Pi for port 80 to be shown as open. Others take note. Thanks guys.

[manarak]

I temporarily switched off my windows firewall, started my Apache2 server, checked port 443. Still closed. Maybe allowing opening 443 is a "feature" of the 950 Baht plan? Still waiting what 3BB has to say about all this.

When you run netstat -a from cmd window (if running Windows, else sudo netstat -a for linux) does it show 80/443 Listening?

It shows 80 listening, no mention of 443, but says 445 is listening.

Huh? Now portcheck shows 80 open? Maybe 3BB is looking into this as we speak.

port 445 is a standard port for SAMBA services.

you probably need to configure your router, many don't come pre-configured with port 443

[manarak]

If I understand you correctly, my router's web configurator (Admin Interface?) opens on port 1 (192.168.1.1) - if I don't, how do I determine which port?

that's not port 1, that's an IP address.

you need to do some reading.

[Sayonarax]

All of my future users will be in the U.S. unfortunately so unless I/we come up with a workaround I'd be forced to use commercial hosting. That defeats everything I've been trying to do.

It cost as little as $2 to get a VPS, is your lack of linux and LAMP knowledge stopping you from doing this?

[Turkleton]

If I understand you correctly, my router's web configurator (Admin Interface?) opens on port 1 (192.168.1.1) - if I don't, how do I determine which port?

that's not port 1, that's an IP address.

you need to do some reading.

No, reading is not enough.

He definitely needs someone with basic networking and LAMP knowledge.

And someone who is able to configure his router and firewall properly.

It cost as little as $2 to get a VPS, is your lack of linux and LAMP knowledge stopping you from doing this?

No, no good idea to run a VPS (or even a webserver) without knowledge.

It's only a matter of time, when the machine will be converted into a malware bot, because of unpatched security holes....

[Lopburi99]

Worked like a charm all last night, now this morning won't work at all. Port 80 sometimes open, sometimes closed. Wherever the switching is taking place, it is inconsistent.

BTW, I am well aware what a stupid IP address is, I was referring to the final 1 in 192.168.1.1 as a port #, similar to 192.168.1.99 corresponding to my static port 99, sorry if that was too subtle. But please, go ahead and continue your ego-serving food fight without me. (Gotta love the TV ignore feature). I've been successfully configuring and operating Pi and Beaglebone applications, including evaluating the popular web servers, for over a year. Currently I am trying to conclude if I prefer Apache2 over Lighttpd or Nginx for various usage scenarios I have in mind. I've been self-employed IT for 42 years. I don't need to defend my credentials to anybody.

[KittenKong]

BTW, I am well aware what a stupid IP address is, I was referring to the final 1 in 192.168.1.1 as a port #, similar to 192.168.1.99 corresponding to my static port 99, sorry if that was too subtle.

No, you're wrong.

192.168.1.1 is an IP address, as is 192.168.1.99. Neither has anything to do with ports.

If you want to specify port 99 then it should read 192.168.1.1:99 etc.

[Sayonarax]

If I understand you correctly, my router's web configurator (Admin Interface?) opens on port 1 (192.168.1.1) - if I don't, how do I determine which port?

that's not port 1, that's an IP address.

you need to do some reading.

images.jpg

No, reading is not enough.

He definitely needs someone with basic networking and LAMP knowledge.

And someone who is able to configure his router and firewall properly.

It cost as little as $2 to get a VPS, is your lack of linux and LAMP knowledge stopping you from doing this?

No, no good idea to run a VPS (or even a webserver) without knowledge.

It's only a matter of time, when the machine will be converted into a malware bot, because of unpatched security holes....

Well that only happens when you set your password to a level a brute force bot can guess..

I forgot the script i used to manage connections where you limit root password guesses to ex amount or times per said hour/minute

Always some bastard from China trying to hack my webserver

[Turkleton]

Well that only happens when you set your password to a level a brute force bot can guess..

I forgot the script i used to manage connections where you limit root password guesses to ex amount or times per said hour/minute

Always some bastard from China trying to hack my webserver

well, I guess you refer to SSH.

And I know this all....SSH is more or less secure.

But what's about the numerous bugs in Apache, Mysql or even the worst one, PHP, especially if unpatched?

Last week(?), some unpatched versions of Wordpress (PHP) have been compromised and the attackers were able to get root access somehow.

However, running a LAMP stack on a RPi, without even knowing the difference between an IP address and a port, is at least....lets say it diplomatic....fearless.

EDIT: may I suggest at least this one?

SCNR...