Blog > Tech insights > Why are ports blocked? Understanding proxy&service ports
Article`s title on a dark background

Seeing a “PORT_BLOCKED” message is frustrating and confusing. However, it’s crucial to know that it’s not related to 823/824 proxy ports but to a service port you try to connect to. In this article, we will answer all the whats and whys regarding ports and blocks—keep reading to learn your strategy for dealing with ports. 

What are ports? 

Let’s imagine that you’re sending a parcel. You need to write down both your and the receiver’s addresses so post workers know where to send it. You also need to know the exact name of a street and the accurate number of a recipient’s building, as the same street contains many houses and buildings. This will guarantee that your parcel will reach its destination and won’t get lost. 

Something similar happens when you surf the Net. For example, you want to check the weather. You type your search query in the search bar and press enter – you send a request. However, the target server has to know where to send a response. Your request contains your IP address – an identifier of your device – but it’s not all. An IP address is like a street name. However, just like there may be numerous buildings on the same street, many apps may run on the same device. How does the target server know which app has sent the request? It’s where service ports enter the game. They serve as numerical identifiers of apps. Belonging to the fourth level of the OSI system and working in conjunction with TCP/UDP protocols, ports help route traffic to necessary apps so that you can use dozens of programs on the same device simultaneously without errors. 

Ports use numbers from 0 to 65535 for identification. There are three categories of ports: 

Well-known: ports ranging from 0 to 1023 are reserved for wide-use services such as HTTP or FTP traffic. Common examples include: 

HTTP: Port 80

HTTPS: Port 443

FTP: Port 21

SSH: Port 22

Registered ports: software applications that aren’t as widespread use ports from 1024 to 49151.

Private (dynamic) ports: operating systems automatically assign ports 49152-65535 for temporary connections. Such ports aren’t associated with any particular app.

Internet Assigned Numbers Authority (IANA) manages the official list of ports. When creating a service, developers choose what port to use, considering the app’s requirements. It’s also essential to avoid conflicts with other services that run on the same port. Developers can even register their apps with IANA to get a registered port. 

Besides delivering data packets to the right destination, there are several more reasons we need service ports: 

  • firewall configuration 

Admins can configure firewalls to allow or restrict traffic based on port number. This is handy if you need to protect sensitive services from unauthorized access. Also, it’s possible to configure firewalls to send alerts in case of suspicious activity on specific ports. For example, sudden traffic spikes on ports associated with vulnerable services can indicate a possible attack. Such early detection can be crucial to preventing data leaks. 

  • load balancing 

Service ports are used to distribute traffic in multi-server environments to improve performance. 

  • network analysis

By analyzing logs with special tools, you can track traffic to specific services and ensure that no bottlenecks or other performance issues exist. 

  • network segmentation 

Large organizations use different ports for different services, so others remain secure even if one service is under attack or a leak happens.

However, what about proxy ports? They are ports that a proxy server listens to for incoming requests. Port 8080 or 3128 are usually used for HTTP traffic, while HTTPS runs on 443 or 8443. SOCKS usually listens on port 1080. However, proxy ports aren’t as static as server ports, so the exact port numbers may depend on the setup of a particular server. The server receives a request, processes it, and forwards it to the target server using the appropriate port, for example, port 80 for HTTP traffic. So, generally, proxy ports are still ports and have the same basis as proxy ports. However, they are explicitly used by proxy servers. 

Why are ports blocked? 

When you use proxies, the “PORT_BLOCKED” message may make you think that proxy ports 823 or 824 are blocked. However, service ports you try to connect to are usually to blame. Blocks may happen due to various reasons: 

  • DataImpulse has several ports closed by default due to security reasons
  • Some ports, like Telnet on port 23 or FTP on port 21, are associated with services that are infamous for having vulnerabilities. Network admins may block them to minimize the risks of attacks
  • As ports are entry points for hackers who use special tools for identifying open ports, closing unnecessary ports reduces the attack surface
  • Sometimes, blocked ports have nothing to do with security. Network admins do it to manage traffic – for example, if you block peer-to-peer file-sharing ports, you can prevent bandwidth hogging and make sure critical apps like messengers have the necessary resources. 

What to do if you see a “PORT_BLOCKED” message? 

  1. If you can access the firewall settings, check whether a port is blocked. Create a rule to allow traffic through that port if necessary and possible. 
  2. Ensure your security software has no built-in firewall blocking certain ports. 
  3. Try an alternative port if possible. 
  4. If you use proxies, switch to an alternative server that uses another port and/or protocol. 
  5. Connect to the VPN—A virtual private network (VPN) may help bypass port restrictions as it encrypts your traffic and routes it via a different server. We recommend going with ZoogVPN, a fast and reliable VPN provider with a cross-platform, budget-friendly solution.
  6. Sometimes, internet service providers block specific ports. Contacting them will help you clarify that and get instructions on accessing blocked ports. 
  7. Switching networks—for example, opting for a mobile hotspot instead of Wi-Fi—may help if network configurations cause blocked ports. 
  8. Ensure you have rights to access the data or network you want to access. 
  9. Check whether the tools and apps you use are legal and aren’t trying to connect to vulnerable ports that may be blocked due to safety concerns. 
  10. If you need access to ports that DataImpulse blocks by default, please email us at [email protected] so we can help you with your use case individually. 

To wrap up

Unexpected situations like blocked ports occur now and then, and it’s always better to understand the reason behind those blocks so you can get rid of the root cause. As ports are essential for overall security, they may be blocked to prevent unauthorized access or protect vulnerable services, so sometimes it’s necessary. If you use proxies, opt for residential IPs as they are the addresses of real users, so you don’t stumble upon blocks due to suspicious activity. DataImpulse offers you legally-sourced proxies at a fair price and 24/7 human support, so you can stop worrying about blocks. Email us at [email protected] or press the “Try now” button to start. 

Jennifer R.

Content Editor

Content Manager at DataImpulse. Jennifer's degree in philology and translation and several years of experience in content writing help her create easy-to-understand copies, even on tangled tech topics. While writing every text, her goal is to provide an in-depth look at the given topic and give answers to all possible questions. Subscribe to our newsletter and always be updated on the best technologies for your business.