<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Shorewall Port Information</title> <meta name="GENERATOR" content="Microsoft FrontPage 5.0"> <meta name="ProgId" content="FrontPage.Editor.Document"> </head> <body> <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse;" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#3366ff" height="90"> <tbody> <tr> <td width="100%"> <h1 align="center"><font color="#ffffff">Ports required for Various Services/Applications</font></h1> </td> </tr> </tbody> </table> <p>In addition to the applications described in <a href="Documentation.htm">the /etc/shorewall/rules documentation</a>, here are some other services/applications that you may need to configure your firewall to accommodate.</p> <p>NTP (Network Time Protocol)</p> <blockquote> <p>UDP Port 123</p> </blockquote> <p>rdate</p> <blockquote> <p>TCP Port 37</p> </blockquote> <p>UseNet (NNTP)</p> <blockquote> <p>TCP Port 119</p> </blockquote> <p>DNS</p> <blockquote> <p>UDP Port 53. If you are configuring a DNS client, you will probably want to open TCP Port 53 as well, since a resolver retries over TCP when a reply is too large to fit in a UDP datagram.<br> If you are configuring a server, only open TCP Port 53 if you will return long replies to queries or if you need to enable zone transfers. In the latter case, be sure that your server is configured to allow transfers only to your secondary servers; an open zone transfer hands an attacker your complete host list.</p> </blockquote> <p>ICQ</p> <blockquote> <p>UDP Port 4000. You will also need to open a range of TCP ports which you can specify to your ICQ client. By default, clients use 4000-4100.</p> </blockquote> <p>PPTP</p> <blockquote> <p><u>Protocol</u> 47 (GRE, NOT <u>port</u> 47) and TCP Port 1723 (<a href="PPTP.htm">Lots more information here</a>).</p> </blockquote> <p>IPSEC</p> <blockquote> <p><u>Protocols</u> 50 (ESP) and 51 (AH) (NOT <u>ports</u> 50 and 51) and UDP Port 500 (IKE); add UDP Port 4500 if you use NAT traversal.
These should be opened in both directions (Lots more information <a href="IPSEC.htm">here</a> and <a href="VPN.htm">here</a>).</p> </blockquote> <p>SMTP (Email)</p> <blockquote> <p>TCP Port 25.</p> </blockquote> <p>RealPlayer<br> </p> <blockquote> <p>UDP Port 6790 inbound<br> </p> </blockquote> <p>POP3</p> <blockquote> <p>TCP Port 110 (Secure = TCP Port 995)<br> </p> </blockquote> <p>IMAP<br> </p> <blockquote>TCP Port 143 (Secure = TCP Port 993)<br> </blockquote> <p>TELNET</p> <blockquote> <p>TCP Port 23. Telnet sends passwords in the clear; use SSH instead wherever you can.</p> </blockquote> <p>SSH</p> <blockquote> <p>TCP Port 22.</p> </blockquote> <p>Auth (identd)</p> <blockquote> <p>TCP Port 113</p> </blockquote> <p>Web Access</p> <blockquote> <p>TCP Ports 80 and 443.</p> </blockquote> <p>FTP<br> </p> <blockquote> <p>TCP port 21 plus <a href="FTP.html">look here for much more information</a>.<br> </p> </blockquote> <p>SMB/NMB (Samba/Windows Browsing/File Sharing)</p> <blockquote> <p>TCP Ports 137, 139 and 445.<br> UDP Ports 137-139.<br> <br> Open these only between zones you trust; never expose them to the Internet. Also, <a href="samba.htm">see this page</a>.</p> </blockquote> <p>Traceroute</p> <blockquote> <p>UDP ports 33434 through 33434+<i>&lt;max number of hops&gt;</i>-1 (the range is larger if the traceroute sends several probes per hop, since each probe uses the next port)<br> ICMP type 8 ('ping')<br> </p> </blockquote> <p>NFS<br> </p> <blockquote> <p>I personally use the following rules for opening access from zone z1 to a server with IP address a.b.c.d in zone z2:<br> </p> <pre>ACCEPT z1 z2:a.b.c.d udp 111<br>ACCEPT z1 z2:a.b.c.d tcp 111<br>ACCEPT z1 z2:a.b.c.d udp 2049<br>ACCEPT z1 z2:a.b.c.d udp 32700:<br></pre> <p>The first two rules cover the portmapper, the third covers nfsd, and the last covers the dynamically assigned ports used by mountd, lockd and statd (the trailing colon means ports 32700 through 65535).</p> </blockquote> <blockquote> <p>Note that my rules only cover NFS using UDP (the normal case). There is lots of additional information at <a href="http://nfs.sourceforge.net/nfs-howto/security.html"> http://nfs.sourceforge.net/nfs-howto/security.html</a></p> </blockquote> <p>VNC<br> </p> <blockquote> <p>TCP port 5900 + <i>&lt;display number&gt;</i> (so display :1 listens on TCP port 5901)</p> </blockquote> <p>Didn't find what you are looking for -- have you looked in your own /etc/services file? </p> <p>Still looking? 
Try <a href="http://www.networkice.com/advice/Exploits/Ports"> http://www.networkice.com/advice/Exploits/Ports</a></p> <p><font size="2">Last updated 7/30/2003 - </font><font size="2"> <a href="support.htm">Tom Eastep</a></font> </p> <a href="copyright.htm"><font size="2">Copyright</font> &copy; <font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a><br> </body> </html>