ServerSocket and Firewall

Hi all,

I am trying to figure something out here in regards to the ServerSocket. Say that I create a ServerSocket on port 7500. When a connection is received, Xojo seems to randomly assign each connection its own, unique port. (One connection per port, etc…)

However, is there any way to know which ports that Xojo will pick for the client connections? The reason for asking is that if only port 7500 is open (the other ports are blocked by the firewall), wouldn’t that block the redirected connections?

For example:

  • The ServerSocket is running on port 7500.
  • A client connects and is automatically redirected to some random port number. Say 16000.
  • Another client connects and is suddenly redirected to another random port number. 8500.

Will the firewall get in the way, or are redirected ports somehow immune to the firewall’s filtering? If the firewall will get in the way, is there a way to specify a range of ports to use?

Thank you,

Byron

Presumably it depends on what the firewall is doing. If you have connection attempts blocked on all except 7500, then by the time your server has handed off the connection to another port, what is happening is not a connection attempt, but ordinary traffic.


The ‘random port’ is actually the ‘source’ port number of the connection request packet received by the server. The source port is assigned by the client’s IP stack and along with the source IP address forms the source endpoint address. The server simply exchanges the source and destination endpoints when it replies.

Assuming the client and server are on the same segment in the same subnet, the packets on the wire would look something like this.

PACKET                  SRC.             DEST.
#1 Client1 Connect      10.0.0.41:1600   10.0.0.10:7500
#2 Server Acknowledge   10.0.0.10:7500   10.0.0.41:1600

Not really. The source port is assigned by the IP stack on the sending host. Packets sent across the internet are likely to have had the source port altered one or more times by a NAT (Network Address Translation) device before reaching the end point.

Port Forwarding is a NAT function that rewrites the ‘destination’ endpoint address, to whatever address you configure. If your app is listening on port 7500, the destination port of packets bound for your app must always be 7500. The packets your server sends in response have the destination endpoint address of the client that sent them and are forwarded by the local NAT device in the same way as other outbound packets.

[pedant]
Strictly speaking, routers and firewalls do not alter endpoint addresses, but NAT does. The proliferation of combined router/NAT/firewall devices given away by ISPs leaves few to appreciate there is a distinction.
[/pedant]
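An added illustration of the point made in the replies above (this is not code from the thread, and it is Python rather than Xojo so it runs anywhere): every accepted connection keeps the listener's port as its server-side local port, and only the client's ephemeral source port differs per connection, which is why a single inbound firewall rule for the listening port is enough. Loopback addresses and an OS-chosen listen port (port 0, standing in for 7500) are assumptions so the script runs offline.

```python
import socket


def observe_accepted_endpoints(listen_port=0, client_count=2):
    """Open a loopback listener, connect client_count clients to it, and
    return (bound_port, [(server_side_local_port, client_ephemeral_port), ...])
    as read from the accepted sockets. listen_port=0 asks the OS for a free
    port; in the thread's scenario this would be 7500."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind(("127.0.0.1", listen_port))
    server.listen(client_count)
    bound_port = server.getsockname()[1]

    # Clients connect first; the kernel completes the handshake into the
    # backlog, so accept() below returns immediately for each of them.
    clients = [socket.create_connection(("127.0.0.1", bound_port))
               for _ in range(client_count)]

    observed = []
    for _ in range(client_count):
        conn, peer = server.accept()
        # The accepted socket's local endpoint is still the listening port;
        # the per-connection "random" port is the peer's source port.
        observed.append((conn.getsockname()[1], peer[1]))
        conn.close()

    for c in clients:
        c.close()
    server.close()
    return bound_port, observed


def all_on_listen_port(bound_port, observed):
    """True when every accepted connection's server-side port equals the
    listening port, i.e. nothing was 'redirected' to another server port."""
    return all(local == bound_port for local, _ in observed)


if __name__ == "__main__":
    port, pairs = observe_accepted_endpoints(0, 2)
    for local, peer in pairs:
        print(f"server 127.0.0.1:{local} <- client 127.0.0.1:{peer}")
    print("all connections on the listen port:", all_on_listen_port(port, pairs))
```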


Thank you! That makes good sense… Much appreciated. :slight_smile:

Byron