|You're not following me.|
When a computer connects to a website to surf the website, it connects to the server's port 80 by default. However, the client computer DOES NOT necessarily use it's own port 80 to make the connection. It could use any of its 65,000 ports. It could use any port it wants to initiate the connection, and it is randomly chosen. Here's how it works...
Client machine:Random port number let's say 2310 connects to webserver's port 80.
SOHO routers are configured to allow everything out of the network, and nothing in unless the connection was initiated from the inside, in which case it allows it in, regardless of port forwarding rules.
Ex. I try to connect to your machine right now on port 80. Router checks port forwarding rules and sees no rule to forward the request, so BAM, connection denied.
However, you connect to my website, and my webserver then sends your computer HTML content, router allows it because your computer connected to my webserver first. Your port forwarding rules were irrelevant in that case!
In this case, you are trying to prevent users from connecting to any computer outside on the internet except for surfing the net.
Here's are the facts about the traffic you want to allow:
The DESTINATION port of this traffic will be 80 for standard HTTP and 443 for HTTPS (SSL encrypted). However, YOUR CLIENTS will use random source ports. IE...
Client computer:random source port to webserver's destination port of 80 or 443.
Your router(s) will allow all outgoing connections so they will be able to do virtually ANYTHING if they initiate the connection, whether it be surf the net, run Kazaa, chat, play games, etc. However, if you set up port forwarding for port 80 and 443, now you're allowing outside computers to initiate connections to your internal computers on those ports. You didn't want that either.
Most SOHO routers will regulate only connections initiated from the outside in, not the inside out. You are trying to regulate connections from the inside to the outside, which your router probably doesn't do. Port forwarding IS NOT regulating from the inside out, only the outside in.
Again, a port forwarding rule for 80 means ONLY that an outside machine to connect to an inside machine via port 80, which is used to allow an outside machine to connect to an internal web server on your network. That's not what you wanted, is it?
"Republicans in Congress are moving to ratify a constitutional amendment to ban flag burning, thus ending the Iraq insurgency."