Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> why shouldn't port 80/443 be available to apps

Because they're < 1024, I guess. Anywhere I've seen besides windows needs you to be root, or have some other specific permission to listen on that port.

Not that I agree with it, but it is the existing status quo.



I know about privileged ports, they just don't make sense anymore. They were a good idea on a timeshared system with groups of students logging into their own shells because equivalent personal computers were unaffordable.

These days, computers are used by one, maybe two or three people. If I, the only user of my phone, decide I want to use port 80, why can't I? Put this stuff behind a special privilege for all I care.


IIRC macOS got rid of privileged ports for these reasons. Dunno about iOS... But in any case what cell provider is going to let you handle inbound traffic? Most of the wifi networks you are on are NAT'd, etc. At best you'd probably want an outbound persistent tunnel that is "terminated" by a relay elsewhere. At that point you might as well just have the relay host the thing.


Sadly, cell provider puts me behind an IPv4 CGNAT, they didn't even bother to hand out IPv6 addresses at least. I picked them out because they were cheap more than anything, so I only have myself to blame.

I have previously used carriers that did expose (IPv6) addresses, though. Port 25/53/etc were blocked but I could host a web server on there if I wanted to drain the 2GB of mobile data I had at the time.

NAT isn't a problem with IPv6 support. Of course there's the network firewall, but adding a rule to accept ports 1714-1764 isn't that hard.

Right now I've solved the problem with a VPN tunnel, but that's not really that permanent a solution.


You're not getting inbound connections on IPv4 without a fight, although, I remember when you used to be able to pay mobile carriers to get a public IPv4 address that might have also been static(!) for VPN purposes. But it's not uncommon for carriers to give you a whole /64 on IPv6, and for that to be full proper connectivity (maybe they block smtp and smb, that's very common).

Yeah, IPv6 isn't everywhere, but if you have it on your phone and everywhere you want to access you phone from...


That's true even with a residential ISP though. It's no harder than serving off a laptop on android.


All mobile traffic is proxied today, anything inbound on a normal plan will get flagged if it’s at all disruptive.

I had some experience getting yelled at by a carrier for something like this. If your “server” is mobile, they get testy.


There's still a big difference between a system service binding to the port vs a random app binding to it.

Even on a phone (that's not a "server" in the traditional sense), e.g. listening on UDP port 5353 is needed to show up in mDNS.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: