mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-03 21:13:29 +01:00
dbfc838988
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@789 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Shorewall Port Information</title>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>
<body>
<h1 style="text-align: center;">Ports Required for Various Services/Applications</h1>
<p>In addition to those applications described in <a href="Documentation.htm">the /etc/shorewall/rules documentation</a>, here are some other services/applications that you may need to configure your firewall to accommodate.</p>
<p>NTP (Network Time Protocol)</p>
<blockquote>
<p>UDP Port 123</p>
</blockquote>
<p>rdate</p>
<blockquote>
<p>TCP Port 37</p>
</blockquote>
<p>UseNet (NNTP)</p>
<blockquote>
<p>TCP Port 119</p>
</blockquote>
<p>DNS</p>
<blockquote>
<p>UDP Port 53. If you are configuring a DNS client, you will probably want to open TCP Port 53 as well.<br>
If you are configuring a server, only open TCP Port 53 if you will return long replies to queries or if you need to enable zone transfers. In the latter case, be sure that your server is properly configured.</p>
</blockquote>
<p>ICQ</p>
<blockquote>
<p>UDP Port 4000. You will also need to open a range of TCP ports which you can specify to your ICQ client. By default, clients use 4000-4100.</p>
</blockquote>
<p>PPTP</p>
<blockquote>
<p><u>Protocol</u> 47 (NOT <u>port</u> 47) and TCP Port 1723 (<a href="PPTP.htm">Lots more information here</a>).</p>
</blockquote>
<p>IPSEC</p>
<blockquote>
<p><u>Protocols</u> 50 and 51 (NOT <u>ports</u> 50 and 51) and UDP Port 500. These should be opened in both directions (Lots more information <a href="IPSEC.htm">here</a> and <a href="VPN.htm">here</a>).</p>
</blockquote>
<p>SMTP (Email)</p>
<blockquote>
<p>TCP Port 25.</p>
</blockquote>
<p>RealPlayer</p>
<blockquote>
<p>UDP Port 6790 inbound</p>
</blockquote>
<p>POP3</p>
<blockquote>
<p>TCP Port 110 (Secure = TCP Port 995)</p>
</blockquote>
<p>IMAP</p>
<blockquote>
<p>TCP Port 143 (Secure = TCP Port 993)</p>
</blockquote>
<p>TELNET</p>
<blockquote>
<p>TCP Port 23.</p>
</blockquote>
<p>SSH</p>
<blockquote>
<p>TCP Port 22.</p>
</blockquote>
<p>Auth (identd)</p>
<blockquote>
<p>TCP Port 113</p>
</blockquote>
<p>Web Access</p>
<blockquote>
<p>TCP Ports 80 and 443.</p>
</blockquote>
<p>FTP</p>
<blockquote>
<p>TCP port 21 plus <a href="FTP.html">look here for much more information</a>.</p>
</blockquote>
<p>SMB/NMB (Samba/Windows Browsing/File Sharing)</p>
<blockquote>
<p>TCP Ports 137, 139 and 445.<br>
UDP Ports 137-139.<br>
<br>
Also, <a href="samba.htm">see this page</a>.</p>
</blockquote>
<p>Traceroute</p>
<blockquote>
<p>UDP ports 33434 through 33434+<i>&lt;max number of hops&gt;</i>-1<br>
ICMP type 8 ('ping')</p>
</blockquote>
<p>NFS</p>
<blockquote>
<p>I personally use the following rules for opening access from zone z1 to a server with IP address a.b.c.d in zone z2:</p>
<pre>ACCEPT z1 z2:a.b.c.d udp 111
ACCEPT z1 z2:a.b.c.d tcp 111
ACCEPT z1 z2:a.b.c.d udp 2049
ACCEPT z1 z2:a.b.c.d udp 32700:
</pre>
</blockquote>
<blockquote>
<p>Note that my rules only cover NFS using UDP (the normal case). There is lots of additional information at <a href="http://nfs.sourceforge.net/nfs-howto/security.html">http://nfs.sourceforge.net/nfs-howto/security.html</a></p>
</blockquote>
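<p>The NFS rules above use the five-column ACTION / SOURCE / DEST / PROTO / DEST PORT(S) layout of /etc/shorewall/rules, including a zone-qualified host (<tt>z2:a.b.c.d</tt>) and an open-ended port range (<tt>32700:</tt>, meaning 32700 and up). The following is an added example, not Shorewall code and not from this page's author: a small Python parser for that layout plus a first-match check, so you can confirm what a rule set actually admits before deploying it. The rule text is constructed from the page's NFS rules with the placeholder address 192.0.2.10 standing in for a.b.c.d; it assumes only the columns shown on this page and ignores the richer syntax the real rules file supports.</p>

```python
"""Parse a minimal /etc/shorewall/rules layout and evaluate a flow against it.

Added example (not Shorewall's own code). It handles only the five columns
used on this page: ACTION SOURCE DEST PROTO DEST_PORT(S).
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the page's NFS rules, with 192.0.2.10 standing in
# for the server address a.b.c.d. Zone z1 is the client side, z2 the server.
SAMPLE_RULES = """\
# ACTION SOURCE DEST            PROTO DEST_PORT(S)
ACCEPT   z1     z2:192.0.2.10   udp   111
ACCEPT   z1     z2:192.0.2.10   tcp   111
ACCEPT   z1     z2:192.0.2.10   udp   2049
ACCEPT   z1     z2:192.0.2.10   udp   32700:
"""


@dataclass
class Rule:
    action: str
    src_zone: str
    dst_zone: str
    dst_host: Optional[str]  # None means any host in dst_zone
    proto: str
    port_lo: int
    port_hi: int             # inclusive; 65535 for an open-ended "N:" spec


def parse_port_spec(spec: str) -> Tuple[int, int]:
    """'111' -> (111, 111); '137:139' -> (137, 139); '32700:' -> (32700, 65535)."""
    if ":" in spec:
        lo, hi = spec.split(":", 1)
        lo_i = int(lo) if lo else 1
        hi_i = int(hi) if hi else 65535
    else:
        lo_i = hi_i = int(spec)
    if not (1 <= lo_i <= hi_i <= 65535):
        raise ValueError(f"bad port spec {spec!r}")
    return lo_i, hi_i


def parse_rules(text: str) -> List[Rule]:
    """Turn rules text into Rule objects; '#' comments and blank lines are skipped."""
    rules: List[Rule] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 columns, got {len(fields)}")
        action, src, dst, proto, ports = fields
        dst_zone, _, dst_host = dst.partition(":")   # "z2:192.0.2.10" -> zone, host
        lo, hi = parse_port_spec(ports)
        rules.append(Rule(action.upper(), src, dst_zone, dst_host or None,
                          proto.lower(), lo, hi))
    return rules


def first_match(rules: List[Rule], src_zone: str, dst_zone: str,
                dst_host: str, proto: str, port: int) -> Optional[Rule]:
    """Return the first rule matching the flow (rules are evaluated top-down)."""
    for r in rules:
        if (r.src_zone == src_zone and r.dst_zone == dst_zone
                and (r.dst_host is None or r.dst_host == dst_host)
                and r.proto == proto.lower()
                and r.port_lo <= port <= r.port_hi):
            return r
    return None


def is_accepted(rules: List[Rule], src_zone: str, dst_zone: str,
                dst_host: str, proto: str, port: int) -> bool:
    """True only if the first matching rule is an ACCEPT; no match means not accepted."""
    r = first_match(rules, src_zone, dst_zone, dst_host, proto, port)
    return r is not None and r.action == "ACCEPT"


if __name__ == "__main__":
    nfs = parse_rules(SAMPLE_RULES)
    checks = [
        ("udp", 2049),    # nfsd over UDP: accepted
        ("tcp", 2049),    # nfsd over TCP: not covered, as the page notes
        ("udp", 40000),   # inside the open-ended 32700: range
        ("udp", 32699),   # just below that range
    ]
    for proto, port in checks:
        ok = is_accepted(nfs, "z1", "z2", "192.0.2.10", proto, port)
        print(f"z1 -> z2:192.0.2.10 {proto}/{port}: {'ACCEPT' if ok else 'no rule'}")
```

<p>The check deliberately reports the TCP 2049 case as unmatched: that is the gap the note above describes (the rules cover NFS over UDP only), and seeing it fall out of the evaluation is the point of running the rule set through a parser rather than reading it.</p>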
<p>VNC</p>
<blockquote>
<p>TCP port 5900 + &lt;display number&gt;</p>
</blockquote>
<p>Didn't find what you are looking for -- have you looked in your own /etc/services file?</p>
<p>Still looking? Try <a href="http://www.networkice.com/advice/Exploits/Ports">http://www.networkice.com/advice/Exploits/Ports</a></p>
<p><font size="2">Last updated 7/30/2003 - </font><font size="2"><a href="support.htm">Tom Eastep</a></font></p>
<a href="copyright.htm"><font size="2">Copyright</font> &copy; <font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a><br>
<br>
<br>
<br>
</body>
</html>