6 of this minibook, so hold tight.
Ports are represented by 32-bit numbers, so they range from 0 to 65535. There are three ranges of port numbers:
0 to 1023: These are called well-known ports, and they’re used for the widely used services available on the Internet. Refer to Table 3-6 for a list of some of the most popular well-known ports.
1024 to 49151: These are called registered ports, and they’re assigned by the Internet’s governing authorities to various service providers. For example, Apple’s iTunes uses port 3689 and Adobe’s Media Server uses port 8134.
49152 to 65535: These are called dynamic ports, private ports, or ephemeral ports. These ports cannot be registered and are used only for a specific communication.
TABLE 3-6 Well-Known Ports
Port | Description | Port | Description |
---|---|---|---|
20 | File Transfer Protocol (FTP) Data Transmission | 110 | Post Office Protocol (POP3) |
21 | File Transfer Protocol (FTP) Command Control | 119 | Network News Transfer Protocol (NNTP) |
22 | Secure Shell | 123 | Network Time Protocol (NTP) |
23 | Telnet | 143 | Internet Message Access Protocol (IMAP) |
25 | Simple Mail Transfer Protocol (SMTP) | 161 | Simple Network Management Protocol (SNMP) |
53 | Domain Name System (DNS) | 194 | Internet Relay Chat (IRC) |
80 | Hypertext Transfer Protocol (HTTP) | 443 | HTTP Secure (HTTPS) |
Understanding Network Address Translation
Nearly all firewalls use a technique called network address translation (NAT) to hide the actual IP address of a computer on the local network from the outside world. When that’s the case, the NAT device must use a globally unique IP address to represent the computer to the Internet. Behind the firewall, though, the computer has a private IP address. When packets cross the firewall, the NAT device translates the private IP address to the public IP address and vice versa.
NAT is one of the foundational techniques that enables the Internet to work. It’s the way an organization can have dozens, hundreds, or thousands of computers on its network without requiring a separate public IP address for each computer. Instead, each organization has a relatively small number of public IP addresses that are assigned to the public-facing interfaces of its firewall(s). NAT enables all the computers behind the firewall to communicate with the Internet, piggybacking on the public IP address of the firewall itself.
Consider what typically happens when a user sends a request to a local HTTP server — that is, an HTTP server that is on the same network as the user. Let’s assume that the IP address of the local HTTP server is 192.168.0.100, and the IP address of the user’s computer is 192.168.0.50. What happens is this:
1 The user’s computer sends an HTTP request in the form of an IP packet with the following address information:
For the source, the transport protocol is TCP and the IP address is 192.168.0.50. The port number for the source is chosen by the client and is typically a high port number. For this example, I’ll use port 45444 for the source port.
For the destination, the transport protocol is TCP, the IP address is 192.168.0.100, and the port is 80.
2 The HTTP server receives the request, processes it, and sends back an HTTP response in the form of an IP packet with the following address information:
For the source, the transport protocol is TCP, the IP address is 192.168.0.100, and the port is 80.
For the destination, the transport protocol is TCP, the IP address is 192.168.0.50, and the port is 45444 (the port that was chosen by the client).
This won’t work if the user wants to send a request to an HTTP server on the Internet, because the IP address of the user’s computer is a private address, not a public address. So, the HTTP server won’t be able to send a response to 192.168.0.50 because such an address doesn’t exist on the public Internet.
That’s where NAT comes in.
The magic of NAT is handled by the firewall itself. The basic idea of NAT is that the firewall maintains an internal table of outgoing packets so it can remember which computer in the local network has requested information from sites on the public Internet. Because more than one computer may make requests for information from the same Internet site, NAT exploits ephemeral ports (see the preceding section) to keep things straight.
Let me walk you through an example. But first, let’s assume that the firewall in this example has the following IP addresses:
Outside IP address (public): 75.68.10.201
Inside IP address (private): 192.168.0.1
Let’s also assume that the HTTP server is at 99.84.206.125 (which happens to be Wiley’s web server), and a user whose private IP address is 192.168.0.50 uses a web browser to request information from the HTTP server. The HTTP request will have the following address information:
Source IP: 192.168.0.50
Source port: 45444
Destination IP: 99.84.206.125
Destination port: 80
Here’s how it works:
1 The firewall sees this packet and realizes that it must substitute its own IP address (let’s assume 192.168.0.1).
2 The firewall selects a random port number from a pool of ephemeral port numbers, which it will use to keep track of the request. For example, let’s say it picks port 42003.
3 The firewall records the following information in its NAT table for this request:
Source IP: 192.168.0.50
Source port: 45444
Destination IP: 99.84.206.125
Destination port: 80
Temporary port: 42003
4 The firewall modifies the packet by substituting its own public IP address for the source IP and the temporary port for the source port.
5 The firewall sends the modified packet to the public Internet. The modified packet contains the following information:
Source IP: 75.68.10.201
Source port: 42003
Destination IP: 99.84.206.125
Destination port: 80
6 A few seconds later, the firewall receives an incoming HTTP response message with the following address information:
Source IP: 99.84.206.125
Source port: 80
Destination IP: 75.68.10.201
Destination port: 42003
7 The firewall peruses its NAT table and finds that this response matches the entry it recorded in Step 3.
8 The firewall retrieves the original source IP address and port from the NAT table and substitutes it for the destination
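The walkthrough above, replayed as a small Python model of the NAT table. This is an added example, not code from the book; it assumes the firewall hands out temporary ports sequentially from a starting value (the text says the port is picked at random) and it adds the check a real NAT device performs on replies: an inbound packet that matches no table row, or that comes from a different host than the one recorded, is dropped rather than forwarded inside.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str      # transport protocol, "TCP" in the chapter's example
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# One NAT table row: the private source endpoint and the Internet destination it talked to
Entry = Tuple[str, int, str, int]

class NatFirewall:
    def __init__(self, public_ip: str, first_temp_port: int = 49152) -> None:
        self.public_ip = public_ip
        self.next_port = first_temp_port          # assumption: temporary ports are handed out sequentially
        self.table: Dict[Tuple[str, int], Entry] = {}   # (proto, temporary port) -> Entry

    def outbound(self, pkt: Packet) -> Packet:
        """Steps 1 to 5: record the flow, then rewrite source IP/port to public IP/temporary port."""
        for temp, entry in self.table.items():           # reuse the row if this flow is already known
            if temp[0] == pkt.proto and entry == (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port):
                return replace(pkt, src_ip=self.public_ip, src_port=temp[1])
        temp_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(pkt.proto, temp_port)] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return replace(pkt, src_ip=self.public_ip, src_port=temp_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Steps 6 to 8: look the reply up by its destination port and restore the private endpoint."""
        entry = self.table.get((pkt.proto, pkt.dst_port))
        if pkt.dst_ip != self.public_ip or entry is None:
            return None      # no matching row: unsolicited inbound traffic is dropped, not forwarded
        src_ip, src_port, peer_ip, peer_port = entry
        if (pkt.src_ip, pkt.src_port) != (peer_ip, peer_port):
            return None      # a different host tried to use the temporary port: also dropped
        return replace(pkt, dst_ip=src_ip, dst_port=src_port)

def demo() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    """Replays the chapter's exchange; 42003 is the temporary port the text picks."""
    fw = NatFirewall("75.68.10.201", first_temp_port=42003)
    request = Packet("TCP", "192.168.0.50", 45444, "99.84.206.125", 80)
    on_wire = fw.outbound(request)                                   # what the Internet sees
    reply = Packet("TCP", "99.84.206.125", 80, "75.68.10.201", on_wire.src_port)
    delivered = fw.inbound(reply)                                    # rewritten back to 192.168.0.50:45444
    # constructed stray packet: a different Internet host probing the same public port
    stray = fw.inbound(Packet("TCP", "203.0.113.9", 5555, "75.68.10.201", 42003))
    return on_wire, delivered, stray
```

The third value returned by demo() is None, which is the property the chapter alludes to when it says NAT hides inside hosts: only traffic that matches a row the firewall itself created gets translated back in.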