How to easily determine, which outbound ports aren’t blocked by firewall

firewallnmap

I'm behind fairly restrictive firewall regarding ports, that can be used for connecting outside. I'm also running service on my remote box, and I want to connect to it.

Problem is, that I'm unable to find out which ports I can access, so I don't know where I can bind the service. (The typical unrestricted ports like 80 and 443 are already used on given machine).

I tried to run nmap -sS behind firewall to scan all TCP ports and wireshark on the second machine to determine SYNs that I receive, but I can see false positives (when I listen with netcat on given port and try to connect, it fails).

Is there any tool that can serve my purpose?

Best Answer

This website comes in handy for that:

http://portquiz.net:1234/

This example tests whether you are able to visit outbound port 1234. You simply change the port number to whatever you like. Also, the site gives some examples that could be used in a command line script:

$ wget -qO- portquiz.net:1234 
Port 1234 test successful!
Your IP: 198.252.206.16

Related Solutions

Networking – How to use OpenVPN through a restrictive firewall

Connections being cut off after a length of time sometimes indicate a bytes-per-second type of limit. Try seeing if slowing down your VPN connection works. Also if you have OpenVPN configured for UDP try TCP (443 UDP may be blocked whereas 443 TCP may go undetected).

Visit a well known site that uses SSL and check the certificate. Then do the same at home. If they don't match then your location is using a transparent HTTPS SSL proxy and can actually see your HTTPS traffic.

It's possible something that isn't port 443 isn't watched so closely. Try 22.

It may sound stupid but try doing it over port 80 and see what you get. You also may try setting up an HTTP tunnel between you and the VPS to make the traffic look like HTTP requests.

If you are feeling insane, try iodine.

Windows – How to configure Windows Firewall to allow all ports in use by IIS Express

There are a couple problems you're running into here. One is that iisexpress.exe isn't actually the process responsible for listening to HTTP traffic. That functionality is implemented in http.sys as a kernel-mode part of the Windows networking stack. (This was done for performance reasons. For more information, see Introduction to IIS Architectures.) Therefore, creating a rule for iisexpress.exe won't do anything.

Secondly, http.sys by default doesn't allow programs running as non-admins listen to other computers. According to Serving External Traffic with WebMatrix, you need to run this command in an administrative command prompt to allow all users to listen to other machines via http.sys:

netsh http add urlacl url=http://MACHNAME:PORT/ user=everyone

Replace MACHNAME with the hostname that will be used to contact the site and PORT with the traffic's port. I have read that using * instead of a specific hostname lets it listen on all names/interfaces, but I have not personally tested that, and some documentation uses + instead. Either way, once you've set the ACL, you can then create an inbound firewall rule for the port.

Further reading: Configuring HTTP and HTTPS.

Side comment: There's an actual environment variable that points to the 32-bit version of Program Files: %PROGRAMFILES(X86)%. (The path wasn't your problem, though.)

Best Answer

Related Solutions

Networking – How to use OpenVPN through a restrictive firewall

Windows – How to configure Windows Firewall to allow all ports in use by IIS Express

Related Question