
Possible to Pre-define Ports by Which Applications Connect?


Postby Buddha » Sat Aug 18, 2007 5:36 pm

Hi,

I've spent several nights on the internet looking for an answer to this problem with no luck at all.

I have a home computer system running Windows XP SP2. I would like, if it is possible, to be able to pre-define what ports an application (any application) can use to connect out of this computer. (I have no expertise in this area so I don't even know if I am using the right words.) Some applications have configuration options that allow, for example, to pre-define ports to use to connect to a proxy server (whatever). But what I need is some way of getting this kind of control over applications that don't have this as part of their built-in configuration capabilities.

Is there any kind of 'gadget' in XP that allows users to do this kind of thing? Or even a third-party app that can kind of wrap itself around attempts by applications to connect and re-direct their connections to specified ports?

I've tried doing this kind of thing at a firewall by restricting the ports which a particular application is allowed to use. But this doesn't work, as it seems applications try to make initial connections from a starting (number) port that looks fairly arbitrary. If I try to work out the ranges an application tries to use, it always fails because on the next attempt at connecting it's off trying a different port number. I really want to be able to say 'use that one, two, three etc. and no other'.

Help please.
Buddha
 
Posts: 2
Joined: Sat Aug 18, 2007 5:02 pm

Postby Bill Castner » Tue Aug 21, 2007 1:10 am

Use a rules-based firewall. Kerio and Outpost, both with free versions, come to mind.
Rule 1: enable TCP (and/or UDP if necessary) on a single port that you know the program will try.
Rule 2: block all ports for the application.

The way a rules-based firewall would interpret the above is that if the application did not use the single permitted port, it would be blocked. Many applications will recover by trying a sequence of ports before giving up.

You can identify the ports used by the application by implementing just Rule #2, and examining the firewall log for the failed attempts. Note that the order of the two rules is important: if Rule #2 is processed by the firewall before Rule #1, the application would be blocked. A rules-based firewall lets you determine the processing order of all rules. The first rule that completely satisfies the condition stops processing of all subsequent rules.
Bill Castner
 
Posts: 119
Joined: Wed Nov 29, 2006 12:26 am
Location: Chevy Chase, MD
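The two-rule scheme and the first-match ordering described in the answer above, as an added example that is not part of the thread and not code from Kerio or Outpost. It simulates a rules-based firewall's first-match evaluation, shows what goes wrong when the block-all rule is placed before the single allow rule, and mines a constructed block log (a generic layout, not either product's real format) for the ports an application tried. The program name "myapp.exe" and port 8080 are assumptions for illustration.

```python
# Added example: first-match rule evaluation in the style of a rules-based
# firewall, plus a helper that pulls blocked ports out of a constructed log.
# Not the forum thread's code and not the Kerio/Outpost rule engine.
from dataclasses import dataclass
from typing import Optional, List, Tuple
import re


@dataclass(frozen=True)
class Rule:
    app: str             # executable the rule applies to, "*" for any
    proto: str           # "TCP", "UDP" or "*"
    port: Optional[int]  # remote port, None for any port
    action: str          # "allow" or "block"


def decide(rules: List[Rule], app: str, proto: str, port: int, default: str = "allow") -> str:
    """Evaluate rules in order; the first rule matching every field wins."""
    for r in rules:
        if r.app != "*" and r.app != app:
            continue
        if r.proto != "*" and r.proto != proto:
            continue
        if r.port is not None and r.port != port:
            continue
        return r.action          # first complete match stops processing
    return default


# Rule 1 / Rule 2 from the answer, for a hypothetical "myapp.exe" that should
# only be allowed to talk on TCP 8080 (assumed values, not from the thread).
RULE_ALLOW = Rule("myapp.exe", "TCP", 8080, "allow")
RULE_BLOCK = Rule("myapp.exe", "*", None, "block")
CORRECT_ORDER = [RULE_ALLOW, RULE_BLOCK]
WRONG_ORDER = [RULE_BLOCK, RULE_ALLOW]   # block-all first swallows every attempt


def connection_outcomes(rules: List[Rule], attempts: List[int]) -> List[Tuple[int, str]]:
    """Simulate the app retrying a sequence of remote ports; one decision per port."""
    return [(port, decide(rules, "myapp.exe", "TCP", port)) for port in attempts]


# Constructed log lines (generic layout) as they might look with only Rule 2
# in place: every attempt by myapp.exe is blocked and the ports it tried show up.
SAMPLE_LOG = """\
2007-08-21 01:10:03 rule=2 action=block app=myapp.exe proto=TCP remote=203.0.113.5:8080
2007-08-21 01:10:04 rule=2 action=block app=myapp.exe proto=TCP remote=203.0.113.5:8081
2007-08-21 01:10:05 rule=2 action=block app=myapp.exe proto=TCP remote=203.0.113.5:8082
2007-08-21 01:10:06 rule=1 action=allow app=other.exe proto=TCP remote=198.51.100.7:443
"""

LOG_RE = re.compile(
    r"action=(?P<action>\w+) app=(?P<app>\S+) proto=(?P<proto>\w+) remote=[\d.]+:(?P<port>\d+)"
)


def blocked_ports(log_text: str, app: str) -> List[int]:
    """Remote ports the named app was blocked on, first-seen order, no duplicates."""
    seen: List[int] = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and m["app"] == app and m["action"] == "block":
            p = int(m["port"])
            if p not in seen:
                seen.append(p)
    return seen


if __name__ == "__main__":
    for name, rules in (("correct order", CORRECT_ORDER), ("wrong order", WRONG_ORDER)):
        print(name, connection_outcomes(rules, [8080, 8081, 8082]))
    print("ports seen in block log:", blocked_ports(SAMPLE_LOG, "myapp.exe"))
```

With the rules in the correct order only the 8080 attempt is allowed and the retries on 8081 and 8082 are blocked; with the order reversed the block-all rule matches first and nothing gets out, which is the ordering pitfall the answer warns about. The log helper is the "implement just Rule #2 and read the log" step: the ports it returns are the candidates for Rule 1.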

Postby Buddha » Tue Aug 21, 2007 4:48 am

Thank you, Bill.

Okay, I'll give that a try over the next couple of days and comment back. It is the kind of thing I've tried before, but I can try again.

I am, though, really surprised that there is not a straightforward way of being able to instruct the OS to direct connections for specific applications to specific ports and no others. To the point that the lack of that capability seems to me to be a design flaw in the OS.
Buddha
 
Posts: 2
Joined: Sat Aug 18, 2007 5:02 pm
