Source Ports restriction in the "common internet services"

Discussion in 'LnS English Forum' started by Nach, Jan 28, 2005.

Thread Status:
Not open for further replies.
  1. Nach

    Nach Guest

    hi all !

    I recently encountered some issues trying to browse the web, because the LnS "common internet services" rule restricts the source port to between 1034-5000.
    And in fact my browser (firefox ... but it's the same with iexplorer) needs to open ports higher than 5000 to browse...

    So I was wondering if it was normal that my don't wanna use the common 1024-5000 range and also if it doesn't expose me to any security issue to extend the internet rule to the ports 1024-65535 o_O

    Txxs in advance for your answers !

  2. Xyzzy

    Xyzzy Registered Member

    Jan 11, 2005
    Maybe the best solution would be to broaden the range of ports for "Common internet services", e.g. IRC most often uses 66xx, web browsing 8080 etc.
    Just change the upper range of the limit to about the highest port you are going to use.
    If there are just 1 or 2 ports you need to use, just create an additional rule.

  3. Phant0m

    Phant0m Registered Member

    Jun 7, 2003
    I believe Nach is referring to source ports, with that rule using the temp range (1024-5000); not everyone's, but some users' systems will use ports beyond the temp range. ;)

  4. Nach

    Nach Guest

    txxs for the fast answers !

    I've done as you advised me, so I actually extended the "TCP : Authorize most common Internet services" rule source port from 1024-50000 to 1024-65535.
    But isn't it a bit dangerous, 'cause now I have all that range exposed to scans and exploits ...? 8-|

    And what do you think about the fact that my browser wants to use ports >50000 while ports in the 1024-5000 range are available (I can check it thanxx to Active Port)? In other words, how is port allocation managed in Windows XP ?

    I'm using Windows XP SP2 and LnS 2.05p2 <-- which rulezzz !!!!

    Txxs in advance !

    PS: you can find the very good (cause free !) ACTIVE PORT @ :,39021313,11010004s,00.htm
  5. Thomas M

    Thomas M Registered Member

    Jan 12, 2003

    This general rule is deactivated in my LnS, since I created specific rules for each of my applications.
    So when it comes to browsers I have one rule, which remotely allows ports 80, 443 and 2 more ports :rolleyes: . This rule is specific to my browser.exe, and the range for local ports is indeed 1024-5000. So far I have never needed higher port numbers.

    It could become a problem, if you use FTP with your browser. FTP "passive mode" might be a solution.

    Thomas :)