It’s the one thing when I’m configuring things that makes me wince because I know it will give me the business, and I know it shouldn’t, but it does, every time. I have no real idea what I’m doing, what it is, how it works, so of course I’m blindly following instructions like a monkey at a typewriter.
Please guide me into enlightenment.
Maybe think of it like one of those big walls of post office mailboxes…behind the wall is your computer and an app might be waiting for a message at box 22 or box 45678. You could close all the boxes and nothing could get in, or you could open one or all of them and allow people to deliver messages to them.
If you connect your computer directly to the internet, anyone who knows your IP address could say 'deliver message X to port 22 at ip address <your ip address> and the program watching that box would get the message.
If you put a router in the mix, and multiple computers, the router has the same block of boxes, but if someone sends a message to one of the boxes it just sets there. If you set up ‘forwarding’, sending a message to your ip address gets the message to the router, but if you forward box 22 from your router to a specific computer on your network, then the router takes a message at box 22 on itself and ‘forwards’ it to box 22 on whatever computer you specific (using internal ip addresses).
You could map box 22 on your router to any other box on your computer…like port 22 coming into your router might get sent to port 155 on your computer…this is useful if you don’t want external people just exploring and lazily breaking into your computer using known vulnerabilities. Lots of ports are ‘common’, so an ftp hack on port 22 is easy, and might be ‘slightly’ harder if you tell your computer to actually look for ftp traffic on port 3333 or something.
The one statement “using internal IP addresses” has clarified something to where I’m actually excited to try working on a long-standing problem.
But how come I’ll get instructions from a program that I have to allow ip “bla.bl.b.blah:80” when that number isn’t my IP? Then I go on my router and do it and the program doesn’t work/port isn’t open? Those kind of problems kill me.
This is a really old message, but if you’re still having the same question i could try to answer, but that kind of message is pretty context dependant. For that specific one, it sounds like your program is trying to access something outside your network, like they have a website they need to access to check for updates or something.
I’m trying to remember the context. I think it was when I was putting in the -arrs, but that doesn’t seem right. If I remember the exact circumstance I’ll pm you, thanks for responding.
Without invoking any analogies, a port is just a number. When an application on your computer sends or receives data, there is a port number associated with it. A server-side application listens for data with a particular port number, and a client side application needs to send data with the same port number to communicate with the right server application. The operating system uses the port number to route incoming data to the right application, and it ensures that only one application at a time can use any given port number.
Some port numbers are assigned to specific protocols (by IANA, I believe), like 80 for HTTP and 443 for HTTPS, so when you see a URL, the default port is usually implied by the protocol, but it can always be specified. For instance, https://google.com is equivalent to https://google.com:443. For more obscure protocols without assigned port numbers, you’ll usually see the port number in a URL, and this tends to happen in the same scenarios where you don’t have a domain name, so you’ll also see an IP address in a URL. It also happens when you need to run more than one of the same kind of server on a single machine. For example, when developing an HTTP server app, it’s customary to use port 8080 or 8888 to distinguish it from the “official” server app on the same machine using port 80, so your development server app will have a URL that looks like http://192.168.0.1:8080.
Typically ports 0-1023 are reserved by the operating system for programs set up by an administrator, and ports starting at 1024 up to a maximum of 65535 are available to any user, so they’re perfect for, say, a Jellyfin server or an app you’re developing. If someone gives you a URL with a port number, especially if it’s above 1023, make sure you trust the owner of the URL, because it can be a giveaway that someone is doing something shady.