cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Why are ports 80 and 443 still closed?

rumpel
Just Moved In
I was considering switching from Shaw which allows people to run web servers on their network, but recently has jacked up their fees. However, I just learned that Telus is still blocking essential ports. It sells it as "security feature", but anyone can run web servers on other ports. So, blocking just annoys users because they have to add a port number to the URL. It can't be Telus' concern about increased data volume, either, because then they would close P2P ports as well. So, why exclude a small set of potential customers who'd like to run not-for-profit web services, and presumably know what they are doing w.r.t. keeping up their service's security measures. It looks to me as if Telus wants such people to sign up for their business service, which is hardly justified if they don't make money off their web service.

Any thoughts on how to entice Telus to stop blocking essential ports on their personal internet service? Is not getting new customers from Shaw because of it not sufficient?
14 REPLIES 14

NFtoBC
Community Power User
Community Power User

As one of the managers of a Registered Charity, I too, would like to obtain telecommunications services at the residential rate, rather than the business rate. However as a non-residential address and use, we are obligated to purchase business services. If you want to run a server for purely personal purposes, such as a webcam or file server, I believe these ports are available to you. Running an HTTP server, however, is more likely to be a commercial enterprise, and therefore blocked. Telus still provides a small web space for personal pages for those who are not wanting to use another provider for a web presence.


If Shaw residential Internet service meets your needs for less cost than Telus Business rates, then by all means stay with your current provider.

NFtoBC
If you find a post useful, please give the author a "Like"

Kolby_G
Ambassador

@NFtoBC "Running an HTTP server, however, is more likely to be a commercial enterprise, and therefore blocked."


Except that it's not anymore. Tons of people I know have websites. I have 3 for myself, 2 hosted on Digital Ocean as I needed them on port 80, and 1 on my home connection because the port was not important.


IMO not for profit sites should be allowed to be hosted on a home connection. Blocking standard ports for any reason may have been acceptable a few years ago but now it is not. Blocking 443 is especially nasty as there are other apps other than web servers that use that port, some are designed for home use.


Claiming they are blocked for security purposes is honestly BS, 99% of users use the router telus provides, which has firewall on by default. Yes I realize UPNP can port forward some of those ports, but that would also require them to be allowed in the OS firewall, which every OS has. Those that need to use those ports will know how to configure them properly.


If the port is being abused by someone for profit then sure, block it for them and suggest they switch to a business account. For a home user, hosting a personal site or using an application that makes use of port 80 should not be blocked.


@NFtoBC "If you want to run a server for purely personal purposes, such as a webcam or file server, I believe these ports are available to you."


Except that port 21 (ftp) is also blocked, how many people nowadays have a NAS? This is also unacceptable, c'mon Telus, it's 2015.


I have 12 devices in my house that use port 21, 6 of which are intended for use from anywhere on the internet. Most I have set to non standard ports, unfortunately one of them I can't and if I didn't have a VPN setup I would not have access to this device.


Another port that is really annoying is 25 (smtp). Yes, I get it, it can be used for spam, however it's not hard to detect misuse for something like this. If this port constantly has traffic, flag it and block it for spam.


Some of these ports I would have understood when there were no data caps (21, 137-139). But now that data caps are enforced there is no excuse to block these.

Has anyone heard any updates on getting port 80 unblocked? Port 443 seems to work for me no luck with 80 though…

Telus won't unblock them. They'll try to up sell you to a "business" line

You will need a business account PLUS a static IP address to get the ports unblocked. A static IP address is an extra fee (currently $12 monthly).

valiaig
Advocate

No kidding! 

I will tell you even more. Port 80 even blocked internally  AND there is no ability to add LOCAL and NOT INTER LOCAL DNS to be able to create websites locally and overrule port 80 block... 

Nighthawk
Community Power User
Community Power User

Port 80 is blocked on Telus' end for any connections coming in to your modem on port 80, which you cannot override. DNS has nothing to do with port blocking. Nothing is stopping you from having a website on your local network to be accessed from within that network. Any router, NAS etc that you have on your home network is usually accessed on port 80 and you can access them from your internal network.


If you find a post useful, please give the author a "Like" or mark as an accepted solution if it solves your trouble. 🙂

Telus cant block ports on your internal network. You probably have a firewall rule in place on the server that isn't letting the traffic through. If you want local DNS to work, you need a local DNS server. I'm not sure if the Telus routers are capable of this, but if you have a webserver you can make a proper DNS server too.

 

On the server:

Set whatever application you want, to listen on port 80 (for a website this will probably be apache or nginx).

Allow the application or port through the firewall on the server.
Install and setup a DNS server (BIND, DNS on Windows Server, etc) and configure the domain accordingly (Google is your friend).
Allow the DNS server or ports (usually 53) through the firewall as well.

 

On the clients:

Set the DNS server to whatever internal IP your "server" is listening on. as a secondary choose either your router's IP, 8.8.8.8 or blank.

Navigate to http://example.local (or whatever your internal domain is)

 

You *may* be able to skip the DNS setup and instead just add a record on your router, I've never used the routers Telus provides so I have no idea what their capabilities are.

http80
Just Moved In

why are they still closed?

 

i just paid almost 1000 for home webcam system, the firmware is prebuilt to run on port 80. im not going to change it. I wrote to the camera support line they said there is nothing they can do and it has to with TELUS.

 

Telus techs have no clue about port 80 when i called in.

They started talking about shipping ports and asked if i was trying to track my order.

The is not 1996 anymore we need port 80 opened all ports should be opened


Even microsoft has https://en.wikipedia.org/wiki/Microsoft_Personal_Web_Server  

Although I agree that these ports really shouldn't be closed, any decent router is capable of redirecting ports. Just use 80 as internal and 8080 as external.

samiam
Coach

Shaw may not block the ports but I don't think the terms of service allow you to legitimately run a server or any kind of public access hosting on a residential plan.  At least that was the way it used to be.

WestCoasterBC
Community Power User
Community Power User

@samiam that policy still holds true today.


@samiam wrote:

Shaw may not block the ports but I don't think the terms of service allow you to legitimately run a server or any kind of public access hosting on a residential plan.  At least that was the way it used to be.


Might be a policy but it was never enforced. Back when I was with Shaw I had a few personal sites and various other services running on public facing ports for around 5 years. Then I setup a VPN and haven't needed to worry about ports since.

Back from 2007-2010 I ran a home webserver using Apache2 on Ubuntu on a Shaw residential connection.

 

My family moved to business for Shaw's own domain email hosting but I never heard a peep from them while on residential.