It’s the one thing when I’m configuring things that makes me wince because I know it will give me the business, and I know it shouldn’t, but it does, every time. I have no real idea what I’m doing, what it is, how it works, so of course I’m blindly following instructions like a monkey at a typewriter.

Please guide me into enlightenment.

  • dnick@sh.itjust.works
    1·
    6 months ago

    Maybe think of it like one of those big walls of post office mailboxes…behind the wall is your computer and an app might be waiting for a message at box 22 or box 45678. You could close all the boxes and nothing could get in, or you could open one or all of them and allow people to deliver messages to them.

    If you connect your computer directly to the internet, anyone who knows your IP address could say 'deliver message X to port 22 at ip address <your ip address> and the program watching that box would get the message.

    If you put a router in the mix, and multiple computers, the router has the same block of boxes, but if someone sends a message to one of the boxes it just sets there. If you set up ‘forwarding’, sending a message to your ip address gets the message to the router, but if you forward box 22 from your router to a specific computer on your network, then the router takes a message at box 22 on itself and ‘forwards’ it to box 22 on whatever computer you specific (using internal ip addresses).

    You could map box 22 on your router to any other box on your computer…like port 22 coming into your router might get sent to port 155 on your computer…this is useful if you don’t want external people just exploring and lazily breaking into your computer using known vulnerabilities. Lots of ports are ‘common’, so an ftp hack on port 22 is easy, and might be ‘slightly’ harder if you tell your computer to actually look for ftp traffic on port 3333 or something.

  • 520@kbin.social
    0·
    6 months ago

    Imagine your computer is a big block of flats and your applications are all people who live in the building.

    Mail sent to the building address alone isn’t going to reach the intended recipient, because the postman doesn’t know what flat to post it to. So they need additional information such as ‘Flat 2C’

    That’s the basic concept of ports. It’s basically additional addressing information to allow your computer to direct internet traffic to the correct applications.

    When an application is actively listening on a port, it means that they are keeping an eye out for messages addressed to them, as designated by the port number. While an application is sending or receiving messages using a given port number, that port number is considered ‘open’.

    Now, all sorts of applications do all sorts of things. Some are for the public to use and there are some that are useful within trusted circles, but can be abused by malicious people if anyone in the world can send messages to it. Thus, we have a firewall, which acts as a gatekeeper. A firewall can ‘block’ a port, denying access to a given group of people, or ‘unblock’ it, allowing access.

    VPNs are a totally different thing. They are literally middlemen for your internet traffic. Instead of directly posting a message to somewhere and receiving a direct reply back, imagine you flew out to Italy to use a post box there and receive replies from there.

    • jordanlund@lemmy.world
      0·
      6 months ago

      To expand on that analogy… certain services need entry into the building and then from there, they get distributed throughout the building.

      Water comes in on the water line.
      Electricity comes in on the electric wire.
      Internet may come in on coaxial or fiber.
      Gas comes in on the natural gas pipeline.

      Your computer has ports to deal with basic tasks. These are called “well known port numbers”.

      https://www.geeksforgeeks.org/50-common-ports-you-should-know/

      So while, in theory, you COULD get email in on a non-email port, that wouldn’t be expected and would be like feeding water through a natural gas line.

      • Zagorath@aussie.zoneEnglish
        0·
        6 months ago

        Just reading that URL and I’m sorry (to the author of that article), but there’s no way there are 50 ports “you should know”. 443, 80, 22, and that’s about it. Maybe whatever the SMPT port is just for interest’s sake, but that’s very rarely going to be important practical knowledge. And there are some ports outside the well-known port range that might be handy. Your VPN’s port, your DB’s port. But even then, you’re not getting anywhere near 50.