Question

If we decided to create a (TCP) socket-server (for example) on port 12336

imagine it like:

socket.bind(12336)

and then to create a (TCP) client-socket for it, like:

socket.connect("12.34.56.78", 12336)

Client-socket binds on port: (for example) 65123

Server-socket binds on port: 12336

Why do we need to open a port for the server on the router and allow connections from the outside, but not for the client?


Solution

Why do we need to open a port for the server on the router and allow connections from the outside, but not for the client?

If the router performs a network address translation function to translate between the public IP address used on the internet and the private IP addresses used on the internal network, then the router must be told which server on the internal network is supposed to handle incoming connections on port 12336. That is one reason why you might need to explicitly configure a port on the router. For outgoing connections from the client, the router is smart enough to match a response to a request and send the response back to the right computer based on that.

Another reason to open up a port on the router is because it has the function of a firewall. Most firewalls are configured to allow outgoing connections, but to block incoming connections except when explicitly allowed.

Outgoing connections are relatively immune to hacking, because the port number is only determined right before the connection is made, so it can't really be determined in advance, and the port is closed after the connection is closed, so the window for an attack is also limited.

To accept incoming connections, the server has to have a port open continuously and the port number must be known in advance for clients to be able to connect to it. That opens up a nice opportunity for attackers to try to find vulnerable server software.

Sometimes, a firewall is configured to also block outgoing connections and then the port used by the client has to be configured to be allowed through as well. Because client port numbers are assigned randomly, this is only workable for firewalls that run on the user's PC where they open up ports based on the application that requests to make a connection.

OTHER TIPS

Client sockets (try to) make outgoing connections to a server. Server sockets sit and wait for clients to connect into them.

It's very difficult for an outsider to exploit an outgoing port. You would attack a system by looking for vulnerable incoming ports.

So it's common for routers to allow all outgoing connections by default, and allow responses to outgoing packets. It will block all incoming ones by default. Then you can just open ports for those socket servers that you want to be visible to someone outside your local network.
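The behaviour both answers describe, as an added illustration that is not part of either answer: a toy NAT router with a stateful firewall. Outbound connections create a translation entry that lets the matching reply back in, the entry disappears when the connection closes, and an unsolicited inbound packet is delivered only to a server that has been explicitly forwarded. The addresses and the port-forward call are constructed for the example.

```python
import random
from dataclasses import dataclass, field

PUBLIC_IP = "12.34.56.78"       # router's public address (taken from the question)
SERVER_LAN_IP = "192.168.1.10"  # private address of the server (constructed)


@dataclass
class Router:
    """Toy NAT + stateful firewall.

    forwards: public port -> (private ip, private port), configured by hand.
    table:    public port -> (private ip, private port, remote ip, remote port),
              created automatically by outbound connections.
    """
    forwards: dict = field(default_factory=dict)
    table: dict = field(default_factory=dict)

    def forward_port(self, public_port, private_ip, private_port):
        # The manual "open a port on the router" step for a server.
        self.forwards[public_port] = (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        # A LAN host connects out: pick an unused public-side port and remember
        # who asked, so the reply can be matched back. Chosen only at connect time.
        pub = random.choice([p for p in range(49152, 65536) if p not in self.table])
        self.table[pub] = (src_ip, src_port, dst_ip, dst_port)
        return (PUBLIC_IP, pub)

    def close(self, public_port):
        # Connection finished: the translation entry goes away with it.
        self.table.pop(public_port, None)

    def inbound(self, src_ip, src_port, dst_port):
        """Return (private ip, private port) the packet goes to, or None if dropped."""
        entry = self.table.get(dst_port)
        if entry and entry[2:] == (src_ip, src_port):
            return entry[:2]                 # reply to a connection a LAN host started
        if dst_port in self.forwards:
            return self.forwards[dst_port]   # explicitly published server
        return None                          # unsolicited and not forwarded: blocked
```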

Licensed under: CC-BY-SA with attribution