Hi, Im a networking newbie, I have some questions about port numbering. First, my ISP blocks port 80 and 8080 so I set my webserver to listen to port 1037. I get this port by referring to an article about common port number and discover that port 1037-1039 is unassigned. My question is actually about security and other port related issue. When I turned on my firewall and allow only some vital port to open (including 1037) people cannot get into my webserver, because they also need to connect to other ports (I checked with netstat with firewall off). Why is this happening? Is it how it should be? If so, is there a rule on which ports should I left open, so that people can browse my site freely? But I want to turn my firewall on again to close other unused ports. I really need your opinion on this. I've been browsing the net these days just to read articles about this, but still can't find an exact satisfying answer =D Any comment will be appreciated. Or maybe you can refer me to some links. Thank you

to access a web server using a different browsing port you add the port number to the end of the url address.

Yes mark, I told them to type http://my_ip:1037 but are they really can communicate to my computer only with that port open? since they told me that they were 'hangs' when they tried to enter my website with my firewall allowing only port 1037. and then I turned off the firewall, tell them to connect again, they enter easily. I then check netstat, and the connection is not only on port 1037, but also on some other ports. Thank you

A webserver listens on a particular port, generally 80 but in your case 1037. When the server receives a requests it transmits the data back to the client via a random port, between 1xxx - 4xxx. This is where the problem comes into play. You never know exactly which port your webserver is going to transmit data back to the client on. I am assuming you are using a piece of software for your firewall. You need to setup the firewall to allow outbound traffic on ports 1000-1036,1038-4000 . You should be able to open them just to outgoing traffic without opening them to the whole world. Port 1037 must of course remain open to incoming requests. Hope this helps.

Just a little correction to my previous post, the ports open to outbound traffic should be 1000-1036,1038-4999 The higher ports are rarely used, but you never know.

thanks man :)