<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
                                
  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <title>Shorewall Port Information</title>
                                                        
  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
                                
  <meta name="ProgId" content="FrontPage.Editor.Document">
</head>
  <body>
                
<table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" bordercolor="#111111" width="100%"
 id="AutoNumber1" bgcolor="#3366ff" height="90">
               <tbody>
                <tr>
                 <td width="100%">                                      
                 
      <h1 align="center"><font color="#ffffff">Ports required for Various
      Services/Applications</font></h1>
                 </td>
               </tr>
                                
  </tbody>        
</table>
                
<p>In addition to those applications described in <a
 href="Documentation.htm">the /etc/shorewall/rules documentation</a>, here
      are some other services/applications that you may need to configure
your     firewall to accommodate.</p>
                
<p>NTP (Network Time Protocol)</p>
                
<blockquote>                        
  <p>UDP Port 123</p>
             </blockquote>
                
<p>rdate</p>
                
<blockquote>                        
  <p>TCP Port 37</p>
             </blockquote>
                
<p>UseNet (NNTP)</p>
                
<blockquote>                        
  <p>TCP Port 119</p>
             </blockquote>
                
<p>DNS</p>
                
<blockquote>                        
  <p>UDP Port 53. If you are configuring a DNS client, you will probably
want to   open TCP Port 53 as well.<br>
               If you are configuring a server, only open TCP Port 53 if
you   will   return  long   replies to queries or if you need to enable ZONE
transfers.�In     the  latter   case, be sure that your server is properly
configured.</p>
             </blockquote>
                
<p>ICQ���</p>
                
<blockquote>                        
  <p>UDP Port 4000. You will also need to open a range of TCP ports which
      you   can specify to your ICQ client. By default, clients use 4000-4100.</p>
             </blockquote>
                
<p>PPTP</p>
                
<blockquote>                        
  <p><u>Protocol</u> 47 (NOT <u>port</u> 47) and TCP Port 1723 (<a
 href="PPTP.htm">Lots more   information here</a>).</p>
             </blockquote>
                
<p>IPSEC</p>
                
<blockquote>                        
  <p><u>Protocols</u> 50 and 51 (NOT <u>ports</u> 50 and 51) and UDP Port
      500.    These should be opened in both directions (Lots more information
       <a href="IPSEC.htm">here</a> and <a href="VPN.htm">here</a>).</p>
             </blockquote>
                
<p>SMTP (Email)</p>
                
<blockquote>                        
  <p>�TCP Port 25.</p>
             </blockquote>
                
<p>RealPlayer<br>
     </p>
         
<blockquote>               
  <p>UDP Port 6790 inbound<br>
       </p>
     </blockquote>
         
<p>POP3</p>
                
<blockquote>                        
  <p>TCP Port 110 (Secure = TCP Port 995)<br>
     </p>
   </blockquote>
     
<p>IMAP<br>
   </p>
     
<blockquote>TCP Port 143 (Secure = TCP Port 993)<br>
   </blockquote>
                          
<p>TELNET</p>
                
<blockquote>                        
  <p>TCP Port 23.</p>
             </blockquote>
                
<p>SSH</p>
                
<blockquote>                        
  <p>TCP Port 22.</p>
             </blockquote>
                
<p>Auth (identd)</p>
                
<blockquote>                        
  <p>TCP Port 113</p>
             </blockquote>
                
<p>Web Access</p>
                
<blockquote>                        
  <p>TCP Ports 80 and 443.</p>
             </blockquote>
                
<p>FTP<br>
  </p>
   
<blockquote>      
  <p>TCP port 21 plus <a href="FTP.html">look here for much more information</a>.<br>
  </p>
</blockquote>
<p>SMB/NMB (Samba/Windows Browsing/File Sharing)</p>
                
<blockquote> </blockquote>
                
<blockquote>                        
  <p>TCP Ports 137, 139 and 445.<br>
               UDP Ports 137-139.<br>
               <br>
               Also, <a href="samba.htm">see this page</a>.</p>
             </blockquote>
                
<p>Traceroute</p>
                
<blockquote>                        
  <p>UDP ports 33434 through 33434+<i>&lt;max number of hops&gt;</i>-1<br>
   ICMP type 8 ('ping')<br>
     </p>
             </blockquote>
                
<p>NFS<br>
         </p>
                
<blockquote>                        
  <p>I personally use the following rules for opening access from zone z1
    to a server with IP address a.b.c.d in zone z2:<br>
           </p>
                                
  <pre>ACCEPT	z1	z2:a.b.c.d	udp	111<br>ACCEPT	z1	z2:a.b.c.d	tcp	111<br>ACCEPT	z1	z2:a.b.c.d	udp	2049<br>ACCEPT	z1	z2:a.b.c.d	udp	32700:<br></pre>
         </blockquote>
                
<blockquote>                        
  <p>Note that my rules only cover NFS using UDP (the normal case). There
    is lots of additional information at�   <a
 href="http://nfs.sourceforge.net/nfs-howto/security.html">   http://nfs.sourceforge.net/nfs-howto/security.html</a></p>
             </blockquote>
                
<p>VNC<br>
      </p>
           
<blockquote>                  
  <p>TCP port 5900 + &lt;display number&gt;</p>
      </blockquote>
           
<p>Didn't find what you are looking for -- have you looked in your own /etc/services 
   file? </p>
                
<p>Still looking? Try   <a
 href="http://www.networkice.com/advice/Exploits/Ports">   http://www.networkice.com/advice/Exploits/Ports</a></p>
                
<p><font size="2">Last updated 7/30/2003 - </font><font size="2"> <a
 href="support.htm">Tom Eastep</a></font> </p>
             <a href="copyright.htm"><font size="2">Copyright</font>   �
<font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a><br>
   <br>
  <br>
 <br>
</body>
</html>