forked from extern/shorewall_code
110 lines
3.4 KiB
HTML
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Shorewall Port Information</title>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta name="Microsoft Theme" content="boldstri 011, default">
</head>
<body><h1 align="center">Ports required for Various Services/Applications</h1>
<p>In addition to those applications described in <a href="Documentation.htm">the
/etc/shorewall/rules documentation</a>, here are some other
services/applications that you may need to configure your firewall to accommodate.</p>
<p>NTP (Network Time Protocol)</p>
<blockquote>
<p>UDP Port 123</p>
</blockquote>
<p>rdate</p>
<blockquote>
<p>TCP Port 37</p>
</blockquote>
<p>UseNet (NNTP)</p>
<blockquote>
<p>TCP Port 119</p>
</blockquote>
<p>DNS</p>
<blockquote>
<p>UDP Port 53. If you are configuring a DNS client, you will probably want to
open TCP Port 53 as well.<br>
If you are configuring a server, only open TCP Port 53 if you will return long
replies to queries or if you need to enable zone transfers. In the latter
case, be sure that your server is properly configured.</p>
</blockquote>
<p>ICQ </p>
<blockquote>
<p>UDP Port 4000. You will also need to open a range of TCP ports which you
can specify to your ICQ client. By default, clients use 4000-4100.</p>
</blockquote>
<p>PPTP</p>
<blockquote>
<p><u>Protocol</u> 47 (NOT <u>port</u> 47) and TCP Port 1723 (<a href="PPTP.htm">Lots more
information here</a>).</p>
</blockquote>
<p>IPSEC</p>
<blockquote>
<p><u>Protocols</u> 50 and 51 (NOT <u>ports</u> 50 and 51) and UDP Port 500.
These should be opened in both directions.</p>
</blockquote>
<p>SMTP</p>
<blockquote>
<p>TCP Port 25.</p>
</blockquote>
<p>POP3</p>
<blockquote>
<p>TCP Port 110.</p>
</blockquote>
<p>TELNET</p>
<blockquote>
<p>TCP Port 23.</p>
</blockquote>
<p>SSH</p>
<blockquote>
<p>TCP Port 22.</p>
</blockquote>
<p>Auth (identd)</p>
<blockquote>
<p>TCP Port 113</p>
</blockquote>
<p>Web Access</p>
<blockquote>
<p>TCP Ports 80 and 443.</p>
</blockquote>
<p>FTP</p>
<blockquote>
<p>Server configuration is covered in <a href="Documentation.htm#Rules">the
/etc/shorewall/rules documentation</a>.</p>
<p>For a client, you must open outbound TCP port 21 and be sure that your
kernel is compiled to support FTP connection tracking. If you build this
support as a module, Shorewall will automatically load the module from
/var/lib/&lt;<i>kernel version</i>&gt;/kernel/net/ipv4/netfilter. </p>
</blockquote>
<p>SMB/NMB (Samba/Windows Browsing/File Sharing)</p>
<blockquote>
<p>TCP Ports 137, 139 and 445.<br>
UDP Ports 137-139.<br>
<br>
Also, <a href="samba.htm">see this page</a>.</p>
</blockquote>
<p>Traceroute</p>
<blockquote>
<p>UDP ports 33434 through 33434+<i>&lt;max number of hops&gt;</i>-1</p>
</blockquote>
<p>Didn't find what you are looking for -- have you looked in your own
/etc/services file? </p>
<p>Still looking? Try
<a href="http://www.networkice.com/advice/Exploits/Ports">
http://www.networkice.com/advice/Exploits/Ports</a></p>
<p><font size="2">Last updated 7/30/2002 - </font><font size="2">
<a href="support.htm">Tom
Eastep</a></font> </p>
<font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
&copy; <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></body></html>