Personal Firewalls and Opening Ports

David.O.Hamilton| October 28, 2008

Here is yet another way to configure a personal firewall when other methods to enable a network printer fail to work. This one deals with opening a “port”. So first let’s first talk about what a port is. A port is simply a number that is used like an address. As an example, let’s look at what happens when a PC wants to print to a printer on the network, and assume that the PC already knows the network address of the printer. The PC makes a request to talk to the printer on a specific port number, and it includes its "return address" in the form of a port number that the printer should talk back to the PC using.

The printer “listens” for incoming requests on a number of different ports where each port has a specific purpose. For example, the printer has a specific port for printing that is always port number 9100. If a PC wants to send something to the printer for it to print, the PC knows to send the data to port number 9100 on the printer.

Allowing communication on a port number is often called “opening” the port so naturally blocking communication is sometimes called “closing” it. However, the terms "allow" and "block" are also used. By the way, you might hear the phrase “punch a hole in the firewall" when you are talking to someone about firewalls. Don’t be alarmed. Although “punching a hole” may sound risky or even violent, all it means is allowing communication to or from that specified port number. Just consider it part of the colorful language that networking geeks like to use.

Personal firewalls have rules about what ports they allow network connections to use, and often distinguishes between “incoming” and “outgoing” port numbers. When a port number is used as an address on the PC that other devices on the network might try to send data to, it is called an “incoming port” because data is coming into the PC from other devices. Similarly, when a program on the PC tries to send data to another device, the port it tries to send data to is called an “outgoing port” because data is going out from the PC to the other device.

Let’s look at that printing example again. The PC is sending data to the printer on port 9100. Since the data is going out from the PC, this is outgoing port 9100. To ensure that the firewall won’t block the PC from sending print data to the printer, it needs to know that it is ok to allow communication on outgoing 9100.

I hope this isn’t getting too complicated because there is just one more thing to know. There are two most common types of network communication. One is called “TCP” and another is called “UDP”. If you want to learn more about what TCP and UDP are, you can read the following, but for the purpose of managing a firewall you just need to know the names TCP and UDP

http://en.wikipedia.org/wiki/User_Datagram_Protocol
http://en.wikipedia.org/wiki/Transmission_Control_Protocol

The kind of communication used for printing on port number 9100 is TCP, so tell the firewall to allow communication on TCP port 9100 outgoing. There are three parts to this:

1) TCP or UDP

2) The port number (9100 in this case)

3) Incoming or outgoing (or possibly both)

How does one know that TCP 9100 is for print data? Some “well known” port numbers such as 9100 are specified in this public document:

http://www.iana.org/assignments/port-numbers

Many firewalls will list these “well known” ports by a name rather than number since it already knows what that port number is to be used for. Not all ports used for HP printers are in the above document, so you may need to consult the specific product’s documentation to determine the full list of ports that need to be allowed. Using the same example of the HP Photosmart C4380 All-in-One, the ports needed for scanning for example can be found by: Go to the main hp web site: http://www.hp.com/

Move the mouse over the “Support & Drivers” tab near the top of the page.

Enter the product name, such as Photosmart C4380.

Here is the key part: near the top of the page is a field called “Questions or keywords”. In this field, enter the word “networking.

The search results will list several documents on the right side of the page, including a variety of documents with tips and solutions. Scroll through the list for a document titled “'An error has occurred while communicating with the scanning device”

There may be multiple pages of results; you can get to additional pages by clicking on the “Next” button or clicking on one of the page numbers.

Once you find the list of ports that need to be allowed, you will need to navigate the user interface of your particular firewall in order to find out how to add them to the list of allowed ports.

Opening a port is probably the hardest way to configure a firewall to work with a printer, so don't forget the other methods that I talked about earlier: