need to unlock port 4443

David Toub wrote:
I'm told that in order to access a site at Johns Hopkins, I need to have port 4443 open. I generally have no problems with https connections, but this one is a problem. Unfortunately, I don't see any way to change this in my Sharing or Network settings. I do not have a firewall operating at this time. I'm using a Verizon-supplied wireless router that is a real bear to configure, so I'm hoping that isn't necessary. Thanks.

Even when you open the port on your computer, you must also open it on your router.
I have used Verizon routers 327W15 and the new 7500. Both are rather easy to configure.
You can download the manual from Verizon. It's also on the CD that came with the router.

Be sure when modifying the router firewall settings to create a new connection profile and leave the default as it is so you can easily switch back to the default settings.

Why do you need to have port 4443 open on your machine? You're the one trying to access the site, which I presume is an https website, right? You're not running the server, right?

When you connect with a web browser to a web site, your packets leave your machine on some randomly selected (by the OS) port number greater than 49151, just as they do with Mail, ssh, ftp, afp, smb, etc. The target (destination) port number is 80, generally, for http, 443 for https, etc. Same holds true for Mail, etc. With Mail, your packets leave on a high-numbered port and are delivered to port 110 of the server for pop mail, and so forth.

This is easily verified by launching Terminal (from an admin-privileged account) and typing
tcpdump -i en1 port 80
Interface en1 is typically airport, but on my Mac Pro it just happens to be en2 because I have two ethernet ports en0 and en1, so that's why my example below says -i en2.

So here is one line of a tcpdump capture on my computer:
14:14:29.449628 IP Mac-Pro.49889 > 67.132.30.42.http: . ack 14276 win 65535 <nop,nop,timestamp 1054155761 3258606329>
My Mac Pro sent traffic out my port 49889 to the http port 80 (it gives the service name (e.g. http) rather than the port number (e.g., 80) if the port is listed in the file /etc/services, which you can also see online at http://www.iana.org/assignments/port-numbers).

If you need to specify an alternate port number through which to connect in a URL, that would be done similar to this:
https://specialserver.johnshopkins.edu:4443
Note how a colon and the alternate port number is appended to the target host name. That is how to specify an alternate port number to which to connect.

Did you try to access the site as I described? Aren't you just trying to access a https website that uses a non-standard port number? Or are you running some sort of ancillary server application that needs that port open? You can't control the port number that your packets leave on when you initiated the session as a client application. Well, I guess it is a moot point since you are gaining access via VPN.