It’s fairly often that a client will call and suggest that a software or hardware vendor needs them to “open a port” for their product to work. This is at best a misleading request and at worst a meaningless request as far as most smaller businesses are concerned.
The problem is, there are two sides of this equation 1) the port being “open” on the router and 2) a device inside of the network that accepts connections on that port. It is truly meaningless to have a port “open” if there is nothing to connect to on that port. Consider the description of open ports from Wikipedia:
“Ports are an integral part of the Internet’s communication model — they are the channel through which applications on the client computer can reach the software on the server. Services, such as web pages or FTP, require their respective ports to be “open” on the server in order to be publicly reachable.
The above use of the terms “open” and “closed” can sometimes be misleading, though; it blurs the distinction between a given port being reachable (unfiltered) and whether there is an application actually listening on that port. Technically, a given port being “open” (in this context, reachable) is not enough for a communication channel to be established. There needs to be an application (service) listening on that port, accepting the incoming packets and processing them. If there is no application listening on a port, incoming packets to that port will simply be rejected by the computer’s operating system.”
Almost all business networks use Network Address Translation (NAT) to share an internet connection. With NAT all of the computers on your network can use a single Internet connection and its associated IP address. For an “open port” to work on a router, some computer on the network has to do something with that port but, which computer? How does the router know? Enter Port Forwarding.
Port Forwarding is often what people mean when they say that a port needs to be open. PC World describes it like this:
“Your router stands between your devices and the internet, making sure that data coming in and going out is directed properly. Imagine your router as a wall that keeps out unwanted and harmful traffic while opening ports to permit useful traffic such as webpages, games, and file-sharing programs. Ports are like doors in the wall reserved only for useful traffic, and your router does a good job of automatically configuring most of the ports you need to safely use the internet. In some cases, however, you need to tell your router to open up a certain port so a program won’t be blocked. This is called port forwarding…”
Using Port Forwarding, a device on the network can provide services to devices on the Internet. Both the port and device are defined in the router.
If devices on the network are blocked from accessing ports on servers on the Internet, Port Triggering can be used to solve the problem. Again, this isn’t “opening a port”, it is a way for the router to dynamically track which device on the network is using the port. Clear as mud? This might help:
“Port Triggering sets up the router so that computers can access public services outside the network or on the Internet, such as web servers, File Transfer Protocol (FTP) servers, email servers, game servers or other Internet applications.
Another instance when you can use Port Triggering is when you can’t download files while connected to a Linksys router. This process of downloading files is called an FTP request. An FTP request uses Port 20 and Port 21, which by default, are closed in a Linksys router. Since the computer is connected to a Linksys router, both ports 20 and 21 have to be triggered by enabling Port Triggering.“
“Port Triggering is an advanced feature that can be used for gaming and other internet applications.
It is essentially a port forwarding rule (inbound firewall rule) that is not constantly active, but only becomes active when it is “triggered” by detecting certain specified outbound packets.“
It is possible that someone asking for a port to be opened means that they want a port forwarded. They may also want a port triggered — although NAT usually doesn’t require it. They may also be drawing at straws because something isn’t working and they know that port X is being used by the software or hardware.
With all of this said, opening a port on a server where the port is actually in use it completely legit. The difference is, the server firewall doesn’t have to send network traffic anywhere else, the service using the port is on the server itself. There is still the question of Internet access of that port (if needed) however that brings us right back to the router question.
So, in closing, if someone tells you that you need to “open a port” for something to work, you need a whole lot more information. On what device should the port be “opened”? What device listens on that port? Is this an inbound or outbound connection?
Without answers, the request is meaningless.