TCP/IP: Ports And Firewalls Explained

This article defines and describes two software components associated with TCP/IP networks: ports and firewalls. The article also explains the relationship between the two.
Ports

A port is a number used to uniquely identify a transaction over a network by specifying not only the host, but the service. For example, you may have a single network server running many different IP services, such as Web service (HTTP), mail service (SMTP), LPD, AFP over TCP, and file transfer (FTP). When clients attempt to connect to your server they need your IP address, but the clients also need to indicate which service they want to communicate with so that the data can be sent to the appropriate server application. The port number is what uniquely identifies that service on that host.

For example, the default port number for SMTP is 25 and the default for HTTP is 80. If a packet comes in to host "asip.company.com" port 80, then the data is transferred to the HTTP web server. If the packet is going to port 25, the data is transferred up to the SMTP mail server.

Each host can only have one application "listening" on each port. This means that you couldn't have AppleShare IP Web Service and Personal Web Sharing both operating on the same computer unless you changed the port number for one of them (Personal Web Sharing 1.5 gives you the option to change the port number).

The port numbers used are often transparent to the end user; the client software will specify the port number. However, sometimes the user can override the defaults. For example, if you changed your Personal Web Sharing control panel so that it was using port 8080, then users could specify that port number in their URL to make a connection to Personal Web Sharing instead of AppleShare IP Web Server. The URL would look like this:

http://asip.company.com:8080
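The two points above, that one host can have only one listener per port and that a URL's ":port" suffix overrides the scheme's default, can be checked directly. The following Python is an added example and not part of the original article; it uses only the standard library, binds to the loopback address so it runs offline, and the default-port table and the host name asip.company.com are taken from the article's own examples.

```python
import socket
from typing import Tuple
from urllib.parse import urlsplit

# Default port numbers the article mentions; a URL without an explicit
# ":port" is sent to the scheme's default (http -> 80, as in the article).
DEFAULT_PORTS = {"http": 80, "smtp": 25, "ftp": 21}


def url_host_and_port(url: str) -> Tuple[str, int]:
    """Split a URL into (host, port), applying the scheme's default port
    when the URL carries no explicit ":port".  http://asip.company.com:8080
    therefore resolves to port 8080, http://asip.company.com to port 80."""
    parts = urlsplit(url)
    if parts.hostname is None:
        raise ValueError(f"no host in {url!r}")
    if parts.port is not None:
        return parts.hostname, parts.port
    return parts.hostname, DEFAULT_PORTS[parts.scheme.lower()]


def second_listener_on_same_port_fails() -> bool:
    """Start one listener on a free loopback port, then try to start a
    second listener on the same port.  Returns True when the operating
    system refuses the second bind (EADDRINUSE), which is the behaviour
    the article describes: one listening application per port."""
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        first.bind(("127.0.0.1", 0))  # port 0: let the OS choose a free port
        first.listen(1)
        port = first.getsockname()[1]  # the port the first listener now owns
        second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            second.bind(("127.0.0.1", port))
            second.listen(1)
            return False  # a second listener was allowed; not expected
        except OSError:
            return True  # "address already in use": the port is taken
        finally:
            second.close()
    finally:
        first.close()


if __name__ == "__main__":
    print(url_host_and_port("http://asip.company.com:8080"))
    print(url_host_and_port("http://asip.company.com"))
    print("second listener refused:", second_listener_on_same_port_fails())
```

The second bind is refused because the first socket is still open; the kernel, not the application, enforces the one-listener-per-port rule, which is why changing a port number (as Personal Web Sharing allows) is the way to run two servers side by side.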

Firewalls

Port numbers are often used in creating "firewalls", which provide security on a network. For example, if you didn't want anyone outside of your intranet to be able to access your web server, you could set up a firewall that would prohibit any packet destined to port 80 (the port assigned to your web server) from passing through your routers. Or you might set up a firewall to block all packets except those destined to port 25; this would allow SMTP (mail) service for your intranet, but nothing else. Firewalls can also be set up in other ways, such as allowing or refusing access based on the network number of the source computer.
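The three firewall policies described above (block port 80, allow only port 25, and filter on the source network) can be expressed as ordered rule lists and evaluated against packets. The following Python is an added example written for this article, not code from any firewall product; the first-match-wins evaluation order, the `Packet` and `Rule` types, the intranet range 10.1.0.0/16 and the sample packets are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The two header fields the article's policies look at."""
    src: str        # source IP address of the packet
    dst_port: int   # destination TCP port (80 = web server, 25 = SMTP)


@dataclass(frozen=True)
class Rule:
    """One firewall rule.  A field left as None matches any value."""
    action: str                          # "allow" or "deny"
    dst_port: Optional[int] = None       # destination port to match
    src_net: Optional[IPv4Network] = None  # source network to match

    def matches(self, pkt: Packet) -> bool:
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.src_net is not None and ip_address(pkt.src) not in self.src_net:
            return False
        return True


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """Evaluate rules in order; the first matching rule decides (assumed
    first-match-wins semantics).  Packets matching no rule get `default`."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Policy 1: nothing destined to port 80 passes; everything else does.
BLOCK_WEB = [Rule("deny", dst_port=80), Rule("allow")]

# Policy 2: only SMTP (port 25) passes; the default deny catches the rest.
MAIL_ONLY = [Rule("allow", dst_port=25)]

# Policy 3: filter on the source network.  Hosts inside the (constructed)
# intranet range may reach anything; outside hosts may not reach port 80.
INTRANET = ip_network("10.1.0.0/16")
SOURCE_BASED = [
    Rule("allow", src_net=INTRANET),
    Rule("deny", dst_port=80),
    Rule("allow"),
]

# Constructed sample packets: one internal client, one external client.
INTERNAL_WEB = Packet("10.1.4.20", 80)
EXTERNAL_WEB = Packet("198.51.100.7", 80)
EXTERNAL_MAIL = Packet("198.51.100.7", 25)
EXTERNAL_FTP = Packet("198.51.100.7", 21)


if __name__ == "__main__":
    for name, policy in (("block web", BLOCK_WEB), ("mail only", MAIL_ONLY),
                         ("source based", SOURCE_BASED)):
        for pkt in (INTERNAL_WEB, EXTERNAL_WEB, EXTERNAL_MAIL, EXTERNAL_FTP):
            print(f"{name:12} {pkt.src:>14}:{pkt.dst_port:<3} -> "
                  f"{filter_packet(policy, pkt)}")
```

Note that policy 1 blocks the web server for internal clients too, because the rule looks only at the port; policy 3 is the variant that keeps the server reachable from the intranet while closing it to outside networks, which is why the article mentions source-network filtering as a separate capability.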

Related Documents

106439 "Well Known" TCP and UDP Ports Used By Apple Software Products
Published Date: Feb 20, 2012