Ports Required for Various Services/Applications
Tom Eastep
2002-07-30
2001-2002 Thomas M. Eastep
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
GNU Free Documentation License.
In addition to those applications described in the
/etc/shorewall/rules documentation, here are some other
services/applications that you may need to configure your firewall to
accommodate.
NTP (Network Time Protocol)
UDP Port 123
Usenet (NNTP)
TCP Port 119
DNS
UDP Port 53. If you are configuring a DNS client, you will probably
want to open TCP Port 53 as well. If you are configuring a server, only
open TCP Port 53 if you will return long replies to queries or if you need
to enable ZONE transfers. In the latter case, be sure that your server is
properly configured.
ICQ
UDP Port 4000. You will also need to open a range of TCP ports which
you can specify to your ICQ client. By default, clients use 4000-4100.
PPTP
Protocol 47 (NOT port 47) and TCP Port 1723 (Lots more information
here and here).
IPSEC
Protocols 50 and 51 (NOT ports 50 and 51) and UDP Port 500. These
should be opened in both directions (Lots more information here and here).
SMTP (email)
TCP Port 25.
Pop3
TCP Port 110 (Secure Pop3 is TCP Port 995)
IMAP
TCP Port 143 (Secure IMAP is TCP Port 993)
Auth (identd)
TCP Port 113
Web Access
TCP Ports 80 and 443.
FTP
TCP port 21 plus look here for much
more information.
SMB/NMB (Samba/Windows Browsing/File Sharing)
TCP Ports 137, 139 and 445.
UDP Ports 137-139.
Also, see this page.
Traceroute
UDP ports 33434 through 33434+<max number of hops>-1
ICMP type 8 (ping)
NFS
I personally use the following rules for opening access from zone z1
to a server with IP address a.b.c.d in zone z2:
ACTION  SOURCE  DESTINATION   PROTOCOL  PORT(S)  SOURCE PORT(S)  ORIGINAL DEST
ACCEPT  z1      z2:a.b.c.d    udp       111
ACCEPT  z1      z2:a.b.c.d    tcp       111
ACCEPT  z1      z2:a.b.c.d    udp       2049
ACCEPT  z1      z2:a.b.c.d    udp       32700:
VNC
TCP port 5900 + <display number>.
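As an added example (not part of the original Shorewall documentation or the Shorewall project's code), the following Python script turns the services listed above into lines in the rules-file layout used by the NFS table: it keeps the protocol-number entries (PPTP's 47, IPSEC's 50 and 51) out of the PORT(S) column, emits the IPSEC rules in both directions as the text requires, puts the ICMP type in the PORT(S) column, and computes the Traceroute and VNC ports from the formulas given. The zone names z1, z2 and net, the service keys and the function names are assumptions made for the illustration; the column widths are cosmetic.

```python
"""Build Shorewall rules-file lines for the services listed on this page.

Added example; the service table mirrors the page, everything else
(function names, zone names) is assumed for illustration.
"""
from dataclasses import dataclass
from typing import Optional

TRACEROUTE_BASE = 33434  # first UDP port traceroute probes (from the page)
VNC_BASE = 5900          # VNC listens on 5900 + display number (from the page)

# Service -> list of (protocol, destination ports).  A protocol number with
# ports=None is a protocol-only rule: PPTP's 47 (GRE) and IPSEC's 50/51
# (ESP/AH) are IP protocols, NOT port numbers, so PORT(S) stays "-".
SERVICES = {
    "ntp":        [("udp", "123")],
    "dns_client": [("udp", "53"), ("tcp", "53")],
    "dns_server": [("udp", "53")],     # add ("tcp", "53") only for zone transfers / long replies
    "pptp":       [("47", None), ("tcp", "1723")],
    "ipsec":      [("50", None), ("51", None), ("udp", "500")],
    "smb":        [("tcp", "137,139,445"), ("udp", "137:139")],
    "nfs":        [("udp", "111"), ("tcp", "111"), ("udp", "2049"), ("udp", "32700:")],
    "ping":       [("icmp", "8")],     # ICMP type goes in the PORT(S) column
}
BIDIRECTIONAL = {"ipsec"}  # the page says IPSEC must be open in both directions


@dataclass(frozen=True)
class Rule:
    action: str
    source: str
    dest: str
    proto: str
    ports: str = "-"   # "-" = not applicable (protocol-only rule)

    def line(self) -> str:
        return f"{self.action:<8}{self.source:<8}{self.dest:<16}{self.proto:<8}{self.ports}"


def traceroute_ports(max_hops: int) -> str:
    """UDP range 33434 .. 33434+max_hops-1 in Shorewall 'low:high' syntax."""
    if max_hops < 1:
        raise ValueError("max_hops must be >= 1")
    return f"{TRACEROUTE_BASE}:{TRACEROUTE_BASE + max_hops - 1}"


def vnc_port(display: int) -> int:
    """TCP port for a VNC display: 5900 + display number."""
    if display < 0:
        raise ValueError("display number must be >= 0")
    return VNC_BASE + display


def rules_for(service: str, source: str, dest: str,
              action: str = "ACCEPT", **params) -> list[Rule]:
    """Expand one service into rules from `source` zone to `dest` zone/host."""
    if service == "traceroute":
        specs = [("udp", traceroute_ports(params["max_hops"]))]
    elif service == "vnc":
        specs = [("tcp", str(vnc_port(params["display"])))]
    else:
        specs = SERVICES[service]  # KeyError for an unknown service is intended
    directions = [(source, dest)]
    if service in BIDIRECTIONAL:
        directions.append((dest, source))
    return [Rule(action, s, d, proto, ports if ports is not None else "-")
            for s, d in directions for proto, ports in specs]


def render(rules: list[Rule]) -> str:
    """Rules-file text with the column header used in the NFS table above."""
    header = Rule("ACTION", "SOURCE", "DESTINATION", "PROTOCOL", "PORT(S)").line()
    return "\n".join([header] + [r.line() for r in rules])


if __name__ == "__main__":
    rules = (rules_for("nfs", "z1", "z2:a.b.c.d")
             + rules_for("ipsec", "z1", "z2")
             + rules_for("traceroute", "z1", "net", max_hops=30)
             + rules_for("vnc", "z1", "z2:a.b.c.d", display=1))
    print(render(rules))
```

Running the script prints the NFS rules exactly as in the table above, six IPSEC rules (three per direction), a single UDP rule covering 33434:33463 for a 30-hop traceroute, and TCP 5901 for VNC display 1. The "-" in PORT(S) for protocols 47, 50 and 51 is the visible reminder that these are protocol numbers, not ports.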
Other Source of Port Information
Didn't find what you are looking for -- have you looked in your
own /etc/services file?
Still looking? Try http://www.networkice.com/advice/Exploits/Ports