firewall - Finding out which outgoing port needs to be opened

  • configurator

    I've got an application that used to work perfectly with all outgoing ports open and all incoming ports closed. Now we've closed all outgoing ports except a few specific ones e.g. http and it's not working any more. Is there a way I can find out using tools like wireshark which outgoing request is getting blocked so I can tell my sysadmin what to open?

  • Answers
  • SvW

    It should be listed in your firewall's log. If you don't log blocked outgoing traffic, turn this on at least until you know what to open.

  • Calvin B.

    Use this app and it will list out all the connections/ports/addresses that any app running is using.

  • Related Question

    windows 7 - How can I find out if a port is opened or not?
  • Roman

    I have installed Apache server on my Windows 7 computer. I was able to display the default index.php by typing http://localhost/ in the address line of my browser.

    However, I am still unable to see this page by typing IP address of my computer (neither locally (from the same computer) no globally (from another computer connected to the Internet)).

    I was told that I need to open port 80. I did it (in a way described here) but it did not solve the problem.

    First of all I would like to check which ports are opened and which are not. For example I am not sure that my port 80 was closed before I tried to open. I am also not sure that it is opened after I tried to open it.

    I tried to run a very simple web server written in Python. For that I used port 81 and it worked! And I did not try to open the port 81. So, it was opened by default. So, if 81 is opened by default, why 80 is not? Or it is?

    1. In my httpd.conf file I have "Listen 80".
    2. This site tells me that port 80 on my computer is opened.
    3. I get different responses if I try http://myip:80 and http://myip:81. In the last case browser (Chrome) writes me that link is broken. In the first case I get: Forbidden You don't have permission to access / on this server.
    4. IE writes that "The website declined to show this webpage".

  • Related Answers
  • Urda

    If you are just spot checking your ports from the outside. Use this tool:

    It will attempt to connect to your IP address, on the specific port, and let you know if it is open or closed to the outside world.

    Local issues too? Sounds like the Windows 7 firewall is cutting you off. Add an exception with this tutorial...

  • Greg Bray

    Running "netstat -a -n" from a command prompt will show all of the network connections open and the listening ports on your machine. would mean that it is listening on port 80 of all ip addresses (localhost and your public/private IP addresses) where as would mean it is only listening on localhost. You can add -b to the command and it will show which executable is using that port. You can get the same information using the Resource Monitor in Windows 7 under the Listening Ports section of the Network tab.

  • Kyle Brandt

    If you want to see if it is open from another server you can just telnet serverName 80 and see if the session opens. If it doesn't, than the either the server is not listening, or the port is blocked by a firewall.

    If it opens and then closes right away, at least windows 2003, then the software (such as Exchange) might not be configured to listen on that particular interface or IP, but it is listening on other ports. I have seen IIS behave this way because it is stupid, Apache might not.

  • raerek

    To see open ports, you should probably use nmap They have a Windows version:

    It's not enough if you see your port 80 open from localhost - maybe something standing in the way if you try it from elsewhere, that's why I recommend nmap

    From the client you type: nmap ip-of-your-server

  • Jared

    If you want to test this on your local network go download nmap If you want to see weather the port is accessible to the outside world go run a scan at

  • Piskvor

    You wrote:

    In the first case I get: Forbidden You don't have permission to access / on this server.

    Although this may sound strange, you actually don't have a problem with open ports (but with Apache config).

    That "Forbidden" message comes from your Apache server; it means that your webserver is accessible from the Internet.

    You need to configure Apache to allow serving to all hosts - otherwise they'll get the "Forbidden" page. IIRC, Apache is initially set up to only allow requests from the local computer.

    Somewhere in your Apache config, there's probably a section like this (the actual directory may be different):

    <Directory "/home/piskvor/www">
        Allow from
        Deny from all

    If you want to allow any computer to see your pages, you need to change the Deny from all to Allow from all. See the access module documentation for more info.

  • Andrew Aylett

    Server ports can either be bound to a single IP address or to every available IP address. It sounds like your Apache install is set up to bind only to, and you need to set it up to bind to *. In your httpd.conf (in Apache's conf directory), look for a line like Listen localhost:80 and change it to Listen 80.

  • jdizzle

    telnet <host> <port> is your friend. It has the virtue of being installed on pretty much every computer in the world.

    Edits after re-reading the question:

    Here are some useful diagnostic tips

    1. if you can access the site via localhost, but not via your site-local IP (192.168.*) from other hosts on your network, it's probably a windows firewall issue.

    2. if you can access the site from other site-local machines, but not from the internet to your public IP, it's a router/port-forwarding configuration issue.

  • slm

    From a command prompt type:

    netstat -ano, look for 

    ... or your IP:80. This will tell you if port 80 is open on your machine. Now if you want to check and see if you can access it from outside of your network will determine if you have sort of firewall in place. If you do you will need to forward port 80 to your web server.

  • Michael Hampton

    In DOS command:

    C:\Windows\system32>netstat -a -b
      協定   本機位址               外部位址               狀態
      TCP             801781-N1:0            LISTENING     [Skype.exe]
      TCP            801781-N1:0            LISTENING      RpcSs      [svchost.exe]
      TCP            801781-N1:0            LISTENING     [Skype.exe]