Outbound Traffic Blocking: HTTP Only?

TL;DR

Your outbound traffic is likely being blocked by a firewall rule that specifically allows only HTTP (port 80) and HTTPS (port 443) traffic. This can happen if the firewall is configured with overly restrictive rules for security reasons, or due to a misconfiguration.

How to Identify the Blocking Criteria

1. Check Your Firewall Rules: This is the most important step. You need access to your firewall’s configuration interface (usually web-based or command line). Look for rules that control outbound traffic.
   • Identify Outbound Rules: Focus on rules specifically designed to allow or deny traffic *leaving* your network.
   • Examine Rule Conditions: Pay close attention to these conditions:
     • Protocol: Is it set to ‘TCP’ only? If so, this is a strong indicator.
     • Destination Port(s): Are only ports 80 and 443 allowed?
     • Source IP/Network: Is the rule applying to your entire network or specific devices?
     • Application Control: Some firewalls use application control. Is HTTP explicitly allowed, while other applications are blocked?
2. Use Packet Capture (tcpdump/Wireshark): If you can’t easily access the firewall configuration, packet capture is your next best bet.
   • Capture Outbound Traffic: Use a tool like tcpdump or Wireshark to record traffic leaving your system. For example:

     sudo tcpdump -i eth0 -w outbound.pcap 'dst not port 80 and dst not port 443'

     (Replace eth0 with the correct network interface.)

   • Analyze the Capture: Look for traffic that is being blocked. If you see packets being dropped, examine the firewall logs (see step 3) to find out why.
3. Review Firewall Logs: Most firewalls keep detailed logs of blocked and allowed traffic.
   • Locate Relevant Logs: Find the section in your firewall’s interface that displays outbound traffic logs.
   • Filter for Blocked Traffic: Filter the logs to show only blocked connections originating from your network.
   • Look for Denial Reasons: The logs should indicate *why* the traffic was blocked (e.g., ‘rule denied’, ‘protocol not allowed’).
4. Test with Different Protocols: Try sending outbound traffic using different protocols to confirm the blocking.
   • Ping:

     ping 8.8.8.8

     (ICMP)

   • DNS Lookup:

     nslookup google.com

     (UDP port 53)

   • SMTP (Email): Attempt to send a test email. (TCP port 25, 465, or 587)

How to Fix the Blocking

1. Modify Firewall Rules: Add rules to allow the necessary protocols and ports for your applications.
   • Be Specific: Avoid overly broad rules. Only allow traffic that is absolutely required.
   • Consider Application Control: If your firewall supports it, use application control instead of port-based rules whenever possible. This provides more granular security.
2. Check for Implicit Deny Rules: Some firewalls have a default ‘deny all’ rule that blocks all traffic unless explicitly allowed.
   • Ensure Allow Rules are Above Deny Rules: The order of rules matters. Make sure your allow rules are placed *before* any deny-all rules.