What does "incoming" and "outgoing" traffic mean?

mgibsonbr asked:

I’ve seen many resources explaining how to set up a server’s firewall to allow incoming and outgoing traffic on HTTP standard ports (80 and 443), but I can’t figure out why I would need either of them. Do I need to unblock both for a “regular” web site to work? For file uploads to work? Are there situations where it would be advisable to unblock one and leave the other blocked?

Sorry if that’s a basic question, but I couldn’t find it explained anywhere (also I’m not a native english speaker). I know in a “regular” web site the client is always the one who initiates a request, so I’m assuming a web server must accept incoming traffic on those ports, and my common sense tells me the server is allowed to send a response without unblocking anything else (otherwise it wouldn’t make sense to have two types of rules). Is that correct?

But what is an outgoing web (service) traffic, and what would be its use? AFAIK if the server wanted to initiate a connection with another machine, the specific port that matters is the one in the other end (i.e. the destination port would be 80), on its end any free port could be used (the source port would be random). I can open HTTP requests from my server (using wget for instance) without unblocking anything. So I’m assuming my concepts of “incoming” and “outgoing” are wrong somehow.

My answer:


“Incoming” and “outgoing” are from the perspective of the machine in question.

“Incoming” refers to packets which originate elsewhere and arrive at the machine, while “outgoing” refers to packets which originate at the machine and arrive elsewhere.

If you refer to your web server, it mostly accepts incoming connections to its web service, and only occasionally (or maybe never) makes outgoing connections.

If you refer to your web client, it mostly makes outgoing connections to other services, and only occasionally (or maybe never) accepts incoming connections.

Clear as mud now?


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.