Protocol 443. How to open a Windows port

As a rule, people do not learn about the existence of such a thing as a closed port under the most pleasant circumstances. Most often this happens when a computer program refuses to work properly. A message about the need to open port 443 may appear in the window of the program itself. It can also be found on the forum dedicated to this problem. In any case, we suggest that you delve a little deeper into this topic and, accordingly, understand what port 443 is, how to open it and whether it should be done.

What are these "ports" anyway?

Today it is common knowledge that every computer on a network has its own IP address. At the same time, most users know almost nothing about the so-called "ports".

So, in order to understand the essence of the term "port", it is worth imagining a long building with a huge number of doors. To better match reality, the number of these doors should be equal to 65,536, and each door should have its own serial number, starting from zero. In this case, the big building is your computer on the network, and the ports are these very doors.

Why do you need so many ports?

Most of them do not carry anything special and are used for different purposes. For example, when you download a file or watch movies online, your computer establishes a connection between any of its free ports and the port of the server from which you receive information. As soon as the data transfer ends, the port is released.

At the same time, some (including port 443) have quite clear assignments. For example, 99.99% of sites are viewed through port number 80. That is, when you want to go, for example, to Odnoklassniki, your computer “knocks” on the door number 80 of the Odnoklassniki server and asks to give it a page.

What is port 443?

As you might have guessed, our port also has a special purpose, otherwise why would it be worth devoting an entire article to it? In fact, we have already talked about its purpose: this port is also most often used for browsing sites. However, while its colleague, port 80, gives out information as it is, port 443 encrypts it beforehand so that, on the long way from the server to your computer, no one can intercept the page, let alone make changes to it.

Previously, the services of this port were used only by Internet banking systems that did not want to disclose information about monetary transactions. Today, the same Odnoklassniki or VKontakte use the “safe” port in the most ordinary cases, for example, when you view your messages or “like” other people's photos.

Why might the port be closed?

So why might port 443 be closed? There are several possible reasons for this:

  • access to it is blocked by a firewall program (or firewall);
  • the port may be blocked by your network administrator;
  • the port may not be "registered" on the router.

When you say that port 443 is closed, you can mean several things: firstly, that a program on your computer cannot access the port of the server, and secondly, that a computer from outside cannot access the port of your computer. Each of these cases, as well as the reasons for their occurrence, requires quite detailed consideration, so do not expect detailed instructions from us. Nevertheless, we can tell you where to "dig".

in the firewall?

Let's start with the simple one: the firewall program. This application is available on every modern computer and is used to ensure that programs do not “break” anywhere. Despite the fact that port 443 is rarely on the blocked list, it still makes sense to add it to the allowed list. Let's look at how this can be done using Windows 7/8/8.1 as an example.

To get 443, you need to do the following:

  1. A universal way to do this: press the Win + R keys, enter the word control in the window that appears and click "OK";
  2. Make sure that the "Large icons" display mode is enabled in the upper right corner (see the figure above), then click on the item "Windows Firewall";
  3. Now you have several scenarios for further actions: either you disable the firewall completely, or give full access to your program.

A window similar to this should appear on your screen:

To disable the firewall, click on Turn Windows Firewall on or off. It is on the left, in the middle of the list. Next, set all the switches to the positions that are circled in the following figure, and then click the "OK" button. After the problem is resolved, we would recommend returning everything to its original position. After all, if you leave the firewall disabled, there is a certain risk that various “nasty things” that get on your computer will be able to report this to their creator and start actions of little use to you.

To add a specific program to the allowed list and allow it access to port 443, as well as any others, select the item circled in red in the picture above. In the list that appears, it is worth looking for an application that does not work properly, and then check the boxes in front of it in all fields. This will give the operating system a chance to understand that this program can "communicate" both with your home devices and with the whole world. Our “operation” ends with a graceful click on the “OK” button and the closing of all now unnecessary windows.

What to do if the port is closed by the administrator?

How do you open ports 443, 80, 21, etc. if they were blocked by the system administrator? A similar question most often worries office workers who cannot use their usual program in the workplace. In this case, there are only two options for solving the problem. If the program is needed for work, you can contact the management or the administrator personally, so that he will provide you with the opportunity to work productively. If the program is needed for entertainment, then it remains only to accept it or look for approaches to a bearded uncle in a sweater. Hint: admins eat and drink, no matter how strange it may sound.

How to open a port on a router?

If you decide to set up a small web or mail server on your home computer, then for the question of how to open ports 443, 80, 110, 25 and others you should refer to the instructions for your router. Unfortunately, there is no single answer to this question, since the solution to this problem depends on the manufacturer of the equipment, the control panel of the device, and many other factors.

Instruction

Display the connection properties dialog. In the "Network connections" window, select the connection shortcut. Right-click it. In the context menu that appears, select "Properties". The Network Connections folder can contain multiple . Some of them may be , and some . In order to open port 80, it will be enough to perform the following steps once by selecting one connection shortcut.

Open the Windows Firewall Control dialog. In the connection properties dialog, switch to the "Advanced" tab. Click the Options button.

Open the list of firewall exceptions. To do this, switch to the "Exceptions" tab in the control dialog.

Open port 80. Click on the "Add port..." button. It is located under the firewall exceptions list. The Add Port dialog will be displayed. Enter a name for the exception in the "Name" field of the dialog. In the future, it will be displayed in the list of firewall exceptions. Enter 80 in the Port Number field. Click the OK button in the Add Port dialog. Click the "OK" button in the "Windows Firewall" dialog.

note

Don't add Windows Firewall exceptions unless you're sure this step is necessary. Some exceptions may pose a security risk to your computer.

Useful advice

If the icon of an existing connection is displayed in the system tray, you can open the Network Connections folder by right-clicking on it and selecting "Open Network Connections Folder".


Often, the ports needed to distribute and download torrent files are closed, and in order to open them, you need to perform a series of actions. The actions themselves are quite simple and understandable even for novice users.

You will need

  • -A configured computer connected to the network.

Instruction

Type in the browser the modem address - 192.168.1.1/2/3, may vary depending on the local IP. Enter the password and login, issued initially, or set later, to provide access to the modem.

Open a port in . If the modem is ZyXEL, this can be done like this: on the Network tab, select the NAT item, go to its Port Forwarding tab and add the port with the add_27015 command. You must enter a port number in each text field with the heading Port. The protocol type is defined as udp. After that, you need to save and reboot the modem with the Save / Reboot command. The port will be open.

If a D-link modem, this can be done on the Advanced tab, the Virtual servers option, select the add_server_name command, where server_name can be, for example, external port start, Server cs, and external port end. Enter 27015 in the text box with headers, select udp protocol, set internal_port_end and internal_port_start as 27015. After applying the settings by clicking the Apply button, you should restart the modem. The port will be open.

For different modems, the tabs and settings may differ, but the essence remains the same. There is nothing too complicated in the process, you should carefully study the parameters and change them according to the model. You can check the status of the port using one of the many addresses of specialized Internet resources.

Open a port in the firewall. To do this, sequentially go to the "Start" menu, the "Control Panel" section, the "Security Center" subsection, the "Windows Firewall" item. In it, you need to select the "Exceptions" tab, the "Add port" item, set any port name and enter 27015 as its number. The port protocol must be set to udp.

In Windows Vista, the port is opened in much the same way, only the sequence is slightly different - the Start menu, the Control Panel section, the Administrative Tools tab, the Windows Firewall item, or the wf.msc command on the command line. The port will be opened.

Open a port. This is done as follows: the “Settings” item is selected in the left corner of the window, “Firewall” is selected there, then the “Settings” section, the “Packet rules” subsection and the “Add” button; the UDP stream option is selected from the list, the checkbox opposite the UDP protocol is checked, and the text fields for remote and local ports are set to 27015. The port will be opened.


note

In addition to opening the port, the torrent program should be added to the list of exceptions.

The operation of opening ports in Windows Vista and Windows 7 can be performed by the user with the standard tools of the Microsoft Windows operating system, without involving third-party software.

You will need

  • - Windows Vista;
  • - Windows 7.

Instruction

Click the "Start" button to call the main menu of the system and go to the "Control Panel" item to initiate the procedure for opening ports in the Windows firewall.

Select "Security" and go to the "Windows Firewall" section to proceed to the next step.

Select the "Advanced Options" item on the left side of the application window and enter the administrator password in the appropriate field when the authorization window appears.

Select the "Create rule" item and click the "Add port" button to perform the operation of opening the selected port.

Enter the number of the port selected for opening in the "Port" field and click the "Next" button.

Specify the desired protocol (TCP or UDP) in the Ports and Protocols dialog box that opens, and check the Allow connection box in the next Actions box.

Apply the checkboxes on all fields in the new Profile dialog box and click the Done button to apply the selected changes.

Click the Change Scope button to select the number of computers allowed to use the selected port and enter the desired value.

Repeat the above steps for each port to be opened.

Restart your computer to apply the selected changes.

Remember that the above algorithm of actions allows you to open ports in the computer's firewall, but has nothing to do with the permissions of the Internet connection provider. To solve such problems, you need to contact a representative of the provider company.

note

How to open ports on Windows 7. These instructions are suitable if your computer is connected via cable directly to the Internet and you are using the standard Windows firewall. If you connect to the Internet through a router, then the ports must be opened directly in the web interface of the router itself. First, decide which port you will open.

Useful advice

Ports in Windows 7 open through the firewall. You need to create a rule and specify the type of protocol for communication and select a port. Then click the "Allow connection" switch and complete this procedure by clicking the "Finish" button.
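The steps above tick every profile and leave the scope for later, so it is worth checking afterwards what the resulting rules actually allow. The following Python sketch is an added example, not part of the original article: it reads a listing in the layout of `netsh advfirewall firewall show rule name=all` and reports enabled inbound allow rules that are wider than one port on a trusted network. The sample listing is constructed and trimmed, English field names are assumed, and the function names are illustrative.

```python
"""Flag enabled inbound allow rules that are wider than a single-port exception needs."""

# Constructed sample, trimmed to the fields used here, in the "Field: value" layout of
#   netsh advfirewall firewall show rule name=all
# on an English-language system (field names are localized elsewhere).
SAMPLE = """\
Rule Name:                            HTTPS for home server
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private
RemoteIP:                             LocalSubnet
Protocol:                             TCP
LocalPort:                            443
Action:                               Allow

Rule Name:                            Torrent 27015
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
RemoteIP:                             Any
Protocol:                             UDP
LocalPort:                            27015
Action:                               Allow

Rule Name:                            someprogram.exe
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
RemoteIP:                             Any
Protocol:                             Any
Action:                               Allow
"""

def parse_rules(text):
    """Split the listing into one dict per rule."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # separator rows and blank lines carry no field
        if key.strip() == "Rule Name":
            rules.append({})
        if rules:
            rules[-1][key.strip()] = value.strip()
    return rules

def findings(rule):
    """Return the reasons a rule is broader than one port on a trusted network."""
    if (rule.get("Enabled"), rule.get("Direction"), rule.get("Action")) != ("Yes", "In", "Allow"):
        return []
    reasons = []
    if "Public" in rule.get("Profiles", "").split(","):
        reasons.append("active on Public networks")
    if rule.get("RemoteIP") == "Any":
        reasons.append("any remote address")
    # Program-wide rules (Protocol: Any) list no LocalPort at all.
    if rule.get("LocalPort", "Any") == "Any":
        reasons.append("every local port")
    return reasons

def audit(text):
    """List (rule name, reasons) for every rule that has at least one finding."""
    checked = [(r.get("Rule Name", "?"), findings(r)) for r in parse_rules(text)]
    return [(name, why) for name, why in checked if why]

if __name__ == "__main__":
    for name, why in audit(SAMPLE):
        print(f"{name}: {', '.join(why)}")
```

A rule created by ticking every box for a program shows up with all three findings, while a rule limited to one port, the Private profile and the local subnet passes clean.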


SSH/HTTPS/OpenVPN/Telegram and all on the same port?! What?!
- Yes!
  • Do you want to hide the availability of certain services?
  • Do public Wi-Fi networks block everything except port 443 (HTTPS)?
  • Have you set up Telegram Proxy / OpenVPN and don't want to expose it?
  • Connecting over SSH to your server from censored countries?

There is only one answer to all these questions - Multiplexing SSL/TLS connections, or SSLH.

In this post, we'll look at how to hide a bunch of services behind one port with a single command.

Why?

With the recent release of Telegram Proxy, which looks almost completely like SSL traffic, an interesting question appeared in the comments to:
After a cursory check of the capabilities of the sslh application, it seemed to me that it would not be possible to “start”, but I was very interested in this application, and, as it turned out, it is still possible to “start” a snake with a hedgehog.

How?

The SSLH application is a multiplexer, in other words, it analyzes traffic (actually doing mini-DPI work) and depending on the type of traffic, forwards it to the local port 8443/999/991 or any other...

Which allows us to use DPI technology for the first time for the benefit of.
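What "analyzes traffic and forwards by type" comes down to is a look at the first bytes a client sends. The following Python sketch is an added example, not sslh's own code: it classifies constructed first packets and picks a backend from the same map as the article's test command. The names `classify`, `route` and `on_timeout` are illustrative, and the OpenVPN check is a heuristic that assumes the whole first packet arrives in one read.

```python
"""Classify a new connection by its first bytes, as a port multiplexer must."""

# Backends copied from the article's test command; unmatched traffic goes to anyprot.
BACKENDS = {
    "tls": ("127.0.0.1", 443),
    "ssh": ("127.0.0.1", 22),
    "anyprot": ("127.0.0.1", 9443),
}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def is_ssh(data: bytes) -> bool:
    # RFC 4253: the identification string starts with "SSH-".
    return data.startswith(b"SSH-")

def is_tls_client_hello(data: bytes) -> bool:
    # Record header: type 0x16 (handshake), version 3.x, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    return (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04 and data[5] == 0x01)

def is_http(data: bytes) -> bool:
    return data.startswith(HTTP_METHODS)

def is_openvpn_tcp(data: bytes) -> bool:
    # OpenVPN over TCP: 2-byte big-endian packet length, then an opcode byte whose
    # top 5 bits are 7 (P_CONTROL_HARD_RESET_CLIENT_V2) on the first packet.
    if len(data) < 3:
        return False
    return int.from_bytes(data[:2], "big") == len(data) - 2 and data[2] >> 3 == 7

PROBES = [("ssh", is_ssh), ("tls", is_tls_client_hello),
          ("http", is_http), ("openvpn", is_openvpn_tcp)]

def classify(first_bytes: bytes) -> str:
    """Return the first matching protocol name, or "anyprot" when nothing matches."""
    for name, probe in PROBES:
        if probe(first_bytes):
            return name
    return "anyprot"

def route(first_bytes: bytes, backends=BACKENDS, on_timeout="ssh"):
    """Pick a backend; empty input models a client that stayed silent until a timeout."""
    if not first_bytes:
        return backends[on_timeout]
    # A recognised protocol without a configured backend also lands on anyprot.
    return backends.get(classify(first_bytes), backends["anyprot"])

# Constructed first packets, one per case.
SAMPLES = {
    "ssh client": b"SSH-2.0-OpenSSH_7.2p2\r\n",
    "browser": bytes.fromhex("160301020001000001fc0303"),
    "plain http": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
    "openvpn": b"\x00\x0e\x38" + bytes(8) + b"\x00" + bytes(4),
    "tls app data": bytes.fromhex("1703030020"),
    "opaque": bytes.fromhex("9f3c7a01e4b2d855"),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:13} {classify(pkt):8} -> {route(pkt)}")
```

Because the decision rests only on the first bytes, whatever sits behind anyprot receives every unrecognised connection, scanner noise included, so that backend needs its own authentication and logging.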

A task

For an example of using SSLH, let's set the task:

The following applications are installed on the server - Telegram Proxy, Apache, SSH, and we want to launch all these services into the world through port 443.

The server in our example runs Ubuntu 16.04.4 LTS with Apache2 + LetsEncrypt, SSH, and Telegram Proxy in Docker.

At the moment, Apache works as expected on it.

Installation & Setup

Install SSLH:

sudo apt-get install --no-install-recommends sslh
During installation, you will be asked about the mode of use, there are two of them:

  • stable but more resource intensive
  • fast, but with loss of connections when the process crashes
I am in favor of the second option, of course you can choose another.

Let's check if our miracle works with the following command:

sudo sslh-select -f --listen IP:8443 --tls 127.0.0.1:443 --ssh 127.0.0.1:22 --anyprot 127.0.0.1:9443
IP - external IP of the server
8443 - the port on which our multiplexer will be launched
443 - where Apache lives
Pay attention to the anyprot option - this is where our Telegram Proxy will live, in other words, if the traffic does not fit any type, send it there.

Attention! If your configuration does not include Telegram or SSH, remove extra startup keys.

Let's check?

Open a browser at your server address with port 8443 - you should see a response from Apache, then try to connect via SSH or via Telegram Proxy.

Moving Apache to a different port

To migrate Apache from the default port (443) to another one, such as 7443, edit the following files:

sudo nano /etc/apache2/ports.conf
sudo nano /etc/apache2/sites-enabled/000-default-le-ssl.conf
In the example, Apache + SSL/HTTPS was installed using LetsEncrypt; with a different certificate, the configuration files may be in different paths.

autostart

It's time to set up autorun.

Let's edit the file:

sudo nano /etc/default/sslh
In the DAEMON_OPTS= field, add the options used when running the sslh-select command, and set RUN=yes.

Let's run:

sudo systemctl start sslh
Let's make sure everything is fine:

sudo systemctl status sslh

What is the result?

After completing this tutorial, you should have a server that has several services available through a single port at once (which ones of your choice).

What about OpenVPN? Which other protocols does the application know?

At the time of writing, sslh can detect and multiplex the following protocols:
[--ssh ] [--openvpn ] [--tinc ] [--xmpp ][--http ] [--ssl ] [--tls ] [--anyprot ]
Before use, it is better to check which protocols your version supports (it may be newer) using:

sslh-select -h

Links

SSLH is being developed on github, in this repository: github.com/yrutschle/sslh

Docker

I didn’t manage to build a working version of sslh in Docker along with all the other services. In my opinion, a docker-compose file that brings up the following on port 443 would be interesting:
  • Apache + LetsEncrypt
  • telegram proxy
  • openvpn (optional)
  • Use local SSH

If someone succeeds - write in the comments - we will add it to the article, in my opinion, it will be useful.
