Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I recently installed a webserver on my box without realising that my dsl ISP has a policy of blocking incoming attempts to access port 80. So I did what a lot of people do and worked around it by using a different port for apache to bind to. It works even if my DNS is a little more messy.
I don't feel too good about it since I probably signed a contract with the ISP agreeing not to do it, but I have a couple of questions before I look into getting a static IP.
1. Is there any reason for an ISP to block port access other than to try to force the consumer to upgrade their connection?
2. Is it legally sound for an ISP to ask for this in the contract? - ie are there good grounds for fighting a legal case to try to stop an ISP from blocking access to certain ports, something along the lines of 'hey, I bought the bandwidth and I'll do with it what I like, so long as there's no harm to anyone else'?
In answer to question 1: One reason is that a lot of people run a web server without any understanding of how to secure it or even how to monitor it. ISPs blocking port 80 can stop some of the worms that look for vulnerable web servers from spreading to their customers.
I'm no lawyer so I can't answer question 2. My ISP gives me the option (at no charge) of blocking or allowing ports like 80 & 25. Since I choose to unblock them, it's my responsibility what happens to my PC.
If you are blocking port 80 as your contract requires you
to do then I see no reason why you should worry about
this. Your contract doesn't require not to listen for
incoming connections on other ports so I don't see any
reason for you to be concerned (ethically or legally).
The breach of contract is nothing to do with port 80 really, other than the fact that that's the port that's usually associated with http.
Some ISP's (my own included) have a clause in their contract forbidding the customer to use their connection for the purpose of web servers, file servers etc. I think the port used is irrelevant in this case.
I don't understand the worms argument too well. Sure it would be nice to have fewer worms on the internet, but what is the percentage of overall damage insecure home webservers incur to the internet community at large compared, say, to the damage caused by the many people who run insecure connections generally, without any routers and with crappy (or no) firewalls? Perhaps we should advocate disconnecting these people's services on the grounds of improved general security (I wouldn't be totally against this btw).
And in any case, a $100 static IP connection with webserver can be much less secure than a $30 dynamic connection with webserver, if the $100 connection has a poor network adminstrator as its weak link.
I think that the main motive for ISP's attempts to block webserver traffic on less expensive broadband services is probably financial.
Aren't we talking about the same thing here? At least the same result but with different motivations?
The cost of web servers infected by worms is part of the overall damage that insecure web servers incur to the community at large. Doesn't disconnecting these people have no more benefit than if they couldn't run the service in the first place because the port was blocked?
I'm sure that ISPs are happy that they get a financial benefit out of charging more for allowing access to blocked ports. But it does have a deterrent value - a lot of people aren't able (can't afford) to run a web server (or more accurately, a malware farm) and I'm very happy about that.
1) There is a number of reasons why ISP's block this port. One is as mentioned in a previous thread, to make their network less vulnerable to worms. Another is to prevent any impacts on their service offered to their customer base. Ie it wouldn't be fair that an insecure web server caused problems with my connection for example.
2) I am no lawyer but the reason they can and do block this port is to protect the service they offer (maybe sometimes to make you upgrade). If your contract makes no mention of running this service on another port then it may be safe to do this but personally, I would upgrade or go with an ISP who allows port 80.
You may not use the Broadband Service to host any type of server personal or commercial in nature.
Taking the statement literally, presumably this would also mean that technically I shouldn't run programs such as emule and skype or anthing else which serves files or content? This begs the question - why do I have 768 kb/s of generally unusable upload bandwidth?
Anyway, we're not short of ISP's around here, I'll check out my options.
Well the upload bandwidth you had would be good for Web Cams, and speaking via a mic over the internet. It would also be good for playing online games.
Still I think it does suck a little that you can't run a webserver or even server for that matter.
Definately time to switch to a different provider.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.