From owner-freebsd-questions@FreeBSD.ORG Thu Sep 13 03:19:56 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 02ACE16A417 for ; Thu, 13 Sep 2007 03:19:56 +0000 (UTC) (envelope-from phatbuckett@gmail.com) Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.186]) by mx1.freebsd.org (Postfix) with ESMTP id DA88F13C469 for ; Thu, 13 Sep 2007 03:19:55 +0000 (UTC) (envelope-from phatbuckett@gmail.com) Received: by rv-out-0910.google.com with SMTP id l15so244779rvb for ; Wed, 12 Sep 2007 20:19:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=wmS5/Gmyq6qsm45oSLTnMeL4r04mEsqETpGEPy4XgH0=; b=Bo3QQxw2oTxkeFHuWGx1tQD5LTBLt/EhsuHJnLGqC0m/kWcsX9eNC0hRRBOmIsmHX5/1Vz3yi2x8IS4woOkxUDAr0NjKjMPug0OayDXo/KqGogs+G1/T1wVMVK/cCjQ/0LytXVHwyX2AD8lU9o3KoEQe5K5wdSI/kLL8eD5oIQ0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=L3D0nPwfqbzaxN31FfWjZz2VsspweqHZGrd4BcqS8sw5cf/6vvJF7Je4VlmySiOZUZVAkejQh4fmw9SJFlzrmBkSC3J/RsEqgvtzf08m9DrefmIuqohru9XReHpgSaAmheC4MOVf8JTx2w0gKH6jJpXODPZVnJglV6yS3WSb0j0= Received: by 10.114.209.1 with SMTP id h1mr202317wag.1189653595309; Wed, 12 Sep 2007 20:19:55 -0700 (PDT) Received: by 10.114.178.17 with HTTP; Wed, 12 Sep 2007 20:19:55 -0700 (PDT) Message-ID: <839aec700709122019y14369b78vca927002b1f624ca@mail.gmail.com> Date: Wed, 12 Sep 2007 20:19:55 -0700 From: "Darren Spruell" To: "Reid Linnemann" In-Reply-To: <46E8162A.7090206@cs.okstate.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <015a01c7f54f$fbf04ec0$0700020a@mickey> <200709120814.48051.beech@freebsd.org> <46E8162A.7090206@cs.okstate.edu> Cc: Don O'Neil , Beech Rintoul , freebsd-questions@freebsd.org Subject: Re: Strange port 80 access problem X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Sep 2007 03:19:56 -0000 On 9/12/07, Reid Linnemann wrote: > Written by Beech Rintoul on 09/12/07 11:14>> > > It's very possible that your ISP is blocking port 80. It seems more > > and more of them are doing that with home subscribers. I know someone > > who has service with one of the large telcos and they not only block > > port 80, but mail and ftp as well. They told him if he wanted to run > > servers he would have to subscribe to business service at 5X the cost > > of residential. > > > > I've had a similar experience with COX Communications in the US midwest. > They block http, https, alternate http ports like 8000 and 8080, smtp, > and I think pop and imap/imaps. I'm sure part of the reason for this > paranoid behavior is to protect their networks from saturation from bots > and whatnot, but part of me thinks they just want to stick it to their > customers whom they view as pesky annoyances rather than valuable > consumers. I circumvent these hassles by boring ssh tunnels to the > services I need access to on my home machines. This is a stopgap until I > get time to fiddle with openvpn. It might depend where you are on their network, but there's some inconsistencies with the blocking. Port 80 is blocked, but port 443 is allowed. Port 25 is blocked, but 587 is allowed. 135, 137, 139, and 445 are blocked. 8080, 8081, and 10000 get through to my network. Most "other" ports are allowed by default. Like it or hate it, it's a control designed to support their subscriber AUP, which states pretty plainly that customers are forbidden to "host servers" on the home user accounts (http://www.cox.com/policy/ #6). Business lines have such restrictions listed and allow hosting services by policy, and puts the burden of "security" on the customer rather than attempting to enforce by technical means. DS