I've rarely tampered with the settings on my OS X firewall, but I had cause to today, and I've got a question.
Here's the setup:
I've got a friend that set up a webcam on her XP machine. The way the software works (she summarized to me) is that it sets up its own little HTTP server on your machine through port 8080. She had to open 8080 on her router's firewall, then she sent me the web address, which was [her ip number]:8080.
So far, so good, that's what I expected.
But when I pointed my browser there, Safari could not make the connection. She suggested that I needed to open port 8080 on my firewall as well.
QUESTION 1: That's not how I understood it...that my browser uses port 80 (right?) and that the data LEAVES her computer via her 8080 and ENTERS mine via 80 (along with other normal Web traffic). Is my understanding incorrect?
To continue, I went ahead and tried it. I went to the Sharing preference pane, went to the firewall, and added a port for 8080 (TCP only, not UDP), gave it a name, and opened it. I did NOT do anything with my Airport Extreme settings (the only port map I have there is routing public port 8000 to private port 8000 on my local machine on the network).
Having done that, the page worked. BUT this was counter to my understanding of the technology, so in part because I wanted to test it out again and in part because it just wasn't important enough to me to leave an additional port open, I closed the port. But the page still comes up!
QUESTION 2: What the fck? (pardon my French)
I logged in and logged out of my account and even subsequently deleted the port entry (rather than just unchecking it); cleared my browser cache (and subsequently tried a different browser anyway)...and it still comes up.
I guess, basically, I want to check my understanding. Which should have been the expected outcome? That I couldn't see the page without port 8080 open on my machine, or that I could see it without port 8080 open on my machine?
Quick question on traffic over non-80 port
#2
Posted 07 June 2006 - 01:09 PM
This sort of thing can get extremely complicated, but probably not in this case. I would guess from your description that the http://xx.xx.xx.xx:8080 just didn't work the first time for whatever reason. The vagaries of the internet interfered. From your description, your understanding is generally correct, though the outgoing port on your machine wasn't 80; it was a random port in a higher range. But that really doesn't matter.
Your outgoing request was sent to port 8080 to her external IP. Your outgoing port was not 8080 but something like 63534 (a random port). Your OS X firewall allows outgoing traffic that sets up a connection without interference. So even though this port is blocked by the firewall, it isn't blocked outgoing. The 8080 port on your Mac or on the OS X firewall has nothing to do with this transaction. Your Airport Extreme works nearly the same way by allowing outgoing traffic and keeping track (NAT routing) of anything that originates on your Mac and back to your Mac when a response is received. (All of this assumes you are using the default OS X firewall rules and that you haven't written your own or used a third-party utility. It is possible to block all outgoing ports as well, though this isn't very useful in the real world without something to sniff the traffic and open ports as needed.)
Since your Airport Extreme does not allow incoming ports to your Mac except on the one port that you specified, there is no chance that opening up 8080 locally made any difference.
I can't think of anything you might have done to change the way the software works on the remote server. There are video chat programs like iChat that need to open two-way communication, which does require cooperation of firewalls and routers, but in this situation nothing like that is evident. There is nothing in the HTTP protocol that would allow for sophisticated interaction like that.
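An added example, not part of the original posts: the first function opens a real TCP connection on loopback to show that the client side gets an OS-chosen ephemeral port rather than the server's port, and the small class is a simplified model (an assumption, not the actual OS X rule set) of a firewall that allows outbound traffic and tracks replies. The address 203.0.113.10 and port 51000 are constructed; 63534 and 8080 come from the reply above.

```python
import socket
import threading

FRIEND_IP = "203.0.113.10"  # constructed documentation address for the webcam host

def observe_client_ports():
    """Connect to a throwaway local listener; return (client_port, server_port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # OS picks a free port; stands in for the webcam's 8080
    srv.listen(1)
    server_port = srv.getsockname()[1]
    t = threading.Thread(target=lambda: srv.accept()[0].close())
    t.start()
    with socket.create_connection(("127.0.0.1", server_port)) as c:
        client_port = c.getsockname()[1]  # ephemeral source port chosen by the OS
    t.join()
    srv.close()
    return client_port, server_port

class StatefulFirewall:
    """Simplified model: outbound always allowed; inbound allowed only as a
    reply to a tracked outbound flow or to an explicitly opened local port."""
    def __init__(self, open_inbound_ports=()):
        self.open_inbound = set(open_inbound_ports)
        self.flows = set()  # entries are (local_port, remote_ip, remote_port)

    def outbound(self, local_port, remote_ip, remote_port):
        self.flows.add((local_port, remote_ip, remote_port))
        return "ALLOW"

    def inbound(self, remote_ip, remote_port, local_port):
        if (local_port, remote_ip, remote_port) in self.flows:
            return "ALLOW: reply to tracked flow"
        if local_port in self.open_inbound:
            return "ALLOW: port opened"
        return "DROP"

def webcam_scenario(open_ports):
    """Browser request to FRIEND_IP:8080, then one reply and one unsolicited packet."""
    fw = StatefulFirewall(open_ports)
    fw.outbound(63534, FRIEND_IP, 8080)                # browser -> webcam server
    reply = fw.inbound(FRIEND_IP, 8080, 63534)         # webcam server -> browser
    unsolicited = fw.inbound(FRIEND_IP, 51000, 8080)   # new connection aimed at local 8080
    return reply, unsolicited

if __name__ == "__main__":
    print(observe_client_ports())
    print(webcam_scenario(()))        # local 8080 closed
    print(webcam_scenario((8080,)))   # local 8080 opened
```

The reply is allowed in both runs; opening local 8080 only changes whether an unsolicited inbound connection to that port is accepted.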
#3
Posted 07 June 2006 - 03:05 PM
Cool, thanks jdb. I expected that perhaps it was coincidental. Thanks for confirming, and for the detailed response.