Windows 10: Why Would/How Could Ports Refuse to Open?

all http traffic comes via port 80 and all browsers will listen on that port. i can have three browsers at once all listening on port 80 - and i often do. that's right, eh?

so that looks like firefox doesn't block port 80.

But we're talking port 80 on the router there, aren't we? The so-called 'WAN Port' when we create the port forwarding rule?

Then there's a LAN port has to be named and that's going to be a port on the machine in question.

So like here's a rule:

name wan port lan port machine address
88port 3300 80 10.0.0.88

which means that traffic to router port 3300 gets routed to port 80 on local lan machine '88' - i.e. 10.0.0.88

not that the router need really have those ports. they're 'virtual'. the router just reads the packet and packets addressed to port '3300' get forwarded to the chosen port on the chosen machine. same difference though. can still talk about it as though the router ports were real.

and that's a rule that currently exists on my router and works. Works fine. But machine '88' is not the one I'm having trouble with.

right so far?

how am I testing? testing the forwarding? I use web based port checkers and like I say, they all say 'closed'.

I also use CurrPorts which is a utility you can download which checks down on your machine for open ports, I don't know how. It doesn't list the ports I've supposedly forwarded as open either.

I also use netstat -ano to list active connections and see 80 listed as being listened on by process 4, the ntkernel and system.

but I don't see the ports I've supposedly opened as being listened to by anything.

What I do see after I enter an url, IP+port is that 'foreign address' (i.e. the IP+port that I just entered in the browser) as in a state of
'SYN_SENT' which I suppose is a request for synchronisation.


and a little while later it disappears entirely, having 'timed out'.

On the machine that is working I will see an established connection between some port on that machine and a 'foreign address' of the IP+port.

Question is: why does that work there and not here?

 

Hmmmm ... Ok, you lost me, but if your just wanting to use port 80, then just forward port 80 to the IP of machine running the web server.

Here is my router port forwarding for 80 and 443 for my Apache Server
Service Name | External Start Port | External End Port | Internal Start Port | Internal End Port | Internal IP address
HTTP | 80 | 80 | 80 | 80 | 192.168.1.2
HTTPS | 443 | 443 | 443 | 443 | 192.168.1.2

 

thanks for the idea but it's been covered. default binding works fine on that 'other' machine but nevertheless I went there and checked and this one has precisely the same binding as that one: http, port 80, '*'

 

Did you run the Windows Network reset I mentioned earlier?

Have you tried these standard resets?

Run the following four bolded commands. Use a Command Prompt(admin) or Powershell(admin)
Do not key in info in brackets, there for your information.


ipconfig /flushdns (Clear the dns cache)
nbtstat -RR (release and refesh NetBIOS names)
netsh int ip reset (reset ip settings)
netsh winsock reset (Reset Winsock Catalog)

 

I'm sure I'm miss understanding, but that statement seems to indicate that your trying to run two IIS Web Servers on two different machines. If that's the case, then the bindings can't be the same as the internal ips will be different. You'll have to bind each to it's respective ip. Also, you can't have both of them listening on port 80. You'll have to change one of them to use say port 8080 or port 81.

 

no i didn't do the network reset yet.
and i'll hold off a bit before issuing those four commands. i've done them all before actually and with no connection to port forwarding that i remember...
i've tried reconfiguring one of the IIS installations to bind to a different port and it hasn't made any difference. and what about when that other machine is not switched on? surely there could be no conflict then? but it still doesn't help matters....

 

As long as your not trying to run both IIS Web Servers at the same time, then you can have both listen on port 80. You would have to adjust your port forwarding for port 80 to the correct internal IP. I would still set the binding for the internal IP of the given machine and not use the *.

Note: Been while since I've used IIS, but just stopping/starting and/or restarting IIS after making changes wasn't enough for it to pick up the changes, I had to restart the PC.

 

BTW .. what's the make/model of your router ?

 

Yes, I'll believe that. A fairly common nuisance, eh? But the binding took according to 'localhost:81' which worked.

But the overall problem didn't go away. I've switched that other machine off now, anyway.

*Smile

p.s.

in another place where I'm looking for help with this i'm told we can have as many IIS instances listening on 80 as we like.... What Ports To Use For My IIS? : The Official Microsoft IIS Forums

 

It is local to Australia - a TG800vac. 'Telstra Gateway'. They're a rebadged something but I don't know what.

 

Ok, and in your router port forwarding, you changed the wan & lan port to 81 for the internal ip of the running web server ?

Edit: Have you double check windows firewall incoming rules ... to make sure port 80 and/or 81 is set/enabled ?

 

The router port forwarding rule looks like this:

Name. Wan Port Lan Port. Device. Address.
3300 3300 80 10.0.0.13 mac address.

And it doesn't work. netstat shows packets getting to 'syn_sent'

now if I change that to:

Name. Wan Port Lan Port. Device. Address.
3300 3300 80 10.0.0.88 mac address.

then it works. and netstat on that machine will show 'established'

 

hmmmm..... the wan and lan port should be the same port number. So if your wanting to use port 80, it would be
Name | Wan Port | Lan Port | Device | Address
HTTP | 80 | 80 | 10.0.0.XX

Note: XX is the internal ip of the running web server

Edit: Also double check your bindings so it's 10.0.0.XX port 80

 

no mate, I keep telling you - it works fine on the other machine.

it worked fine here previously but just in case i've lost my mind and my memory there's the other machine right there here and now today using exactly that configuration, those rules and they work.....

my understanding is:

a router gets a packet addressed to it with a port number, too.
it checks the port number against its 'port forwarded' list.
if it finds it then it looks to see what device and what port it should send the packet to.
that device is named in the port forwarding rule, named by its local IP - I showed an example of 10.0.0.13.
and the port to be used on that device is also named - port 80 in my example rule.

and right here is where you and I differ. You are saying it should be the same as the WAN port.
But why?
On the local machine you need an application 'listening' to that port.
The application we're talking about in this instance is IIS.
And IIS has a 'binding' which we've talked about or this thread has talked about and which is by default port 80.
That's where IIS 'listens'.

So the packet has to be sent to that port - port 80.

If I change IIS bindings to say 81, as I just did a while ago for demo and thorough checking purposes, then the rule must be amended to quote port 81 as the lan port and the URL 'localhost' must be amended to 'localhost:81'

Why doesn't it need 'localhost:80' normally? Because port 80 is the default for http traffic.

Now if it were something different, another app, perhaps a game, perhaps say Minecraft, then it would listen on a different port. I think Minecraft uses something like 25565.

So on the computer Minecraft is listening for Minecraft type packets (which probably only it can understand) on port 25565. And so we have to set the lan port at 25565.

And we find the WAN port is also 25565. Why? Because for convenience Minecraft packets all have the same port number attached: 25565. So they come into the router and it sees 25565.
It looks on its forwarding list and sees it.
And it sees a device address there too.
And it sees a port number on that device - 25565.

So yes. In that case they're the same. In that case and probably the majority of apps.

But not in this case.

As demonstrated by my second IIS installation on the second machine on the same lan receiving traffic without any problem at all.

 

Ok, ..... The way I see it, you've mapped wan/external port 3300 to lan/internal port 80. That's why, when you check it externally ... it shows port 80 as closed (port 3300 would show open I bet) and why localhost:80 works as it's internal and IIS picks it up cause that's the binding you set in IIS.

Edit: It's easy to check with your current 3300 to 80, have you tried your external IP with port 3300 to see if it connects ?