<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Shorewall Port Information</title>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>

<body>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90">
  <tr>
    <td width="100%">
    <h1 align="center"><font color="#FFFFFF">Ports required for Various Services/Applications</font></h1>
    </td>
  </tr>
</table>

<p>In addition to those applications described in <a href="Documentation.htm">the
/etc/shorewall/rules documentation</a>, here are some other
services/applications that you may need to configure your firewall to accommodate.</p>

<p>NTP (Network Time Protocol)</p>
<blockquote>
  <p>UDP Port 123</p>
</blockquote>
  <p>rdate</p>
<blockquote>
  <p>TCP Port 37</p>
</blockquote>
  <p>UseNet (NNTP)</p>
<blockquote>
  <p>TCP Port 119</p>
</blockquote>
<p>DNS</p>
<blockquote>
  <p>UDP Port 53. If you are configuring a DNS client, you will probably want to
  open TCP Port 53 as well.<br>
  If you are configuring a server, only open TCP Port 53 if you will return long
  replies to queries or if you need to enable ZONE transfers.&nbsp;In the latter
  case, be sure that your server is properly configured.</p>
</blockquote>
<p>ICQ&nbsp;&nbsp;&nbsp;</p>
<blockquote>
  <p>UDP Port 4000. You will also need to open a range of TCP ports which you
  can specify to your ICQ client. By default, clients use 4000-4100.</p>
</blockquote>
<p>PPTP</p>
<blockquote>
  <p><u>Protocol</u> 47 (NOT <u>port</u> 47) and TCP Port 1723 (<a href="PPTP.htm">Lots more
  information here</a>).</p>
</blockquote>
<p>IPSEC</p>
<blockquote>
  <p><u>Protocols</u> 50 and 51 (NOT <u>ports</u> 50 and 51) and UDP Port 500. 
  These should be opened in both directions.</p>
</blockquote>
<p>SMTP</p>
<blockquote>
  <p>&nbsp;TCP Port 25.</p>
</blockquote>
<p>POP3</p>
<blockquote>
  <p>TCP Port 110.</p>
</blockquote>
<p>TELNET</p>
<blockquote>
  <p>TCP Port 23.</p>
</blockquote>
<p>SSH</p>
<blockquote>
  <p>TCP Port 22.</p>
</blockquote>
<p>Auth (identd)</p>
<blockquote>
  <p>TCP Port 113</p>
</blockquote>

  <p>Web Access</p>
<blockquote>
  <p>TCP Ports 80 and 443.</p>
</blockquote>
  <p>FTP</p>
<blockquote>
  <p>Server configuration is covered on in <a href="Documentation.htm#Rules">the
  /etc/shorewall/rules documentation</a>,</p>
  <p>For a client, you must open outbound TCP port 21 and be sure that your
  kernel is compiled to support FTP connection tracking. If you build this
  support as a module, Shorewall will automatically load the module from
  /var/lib/&lt;<i>kernel version</i>&gt;/kernel/net/ipv4/netfilter.&nbsp;</p>
</blockquote>

  <p>SMB/NMB (Samba/Windows Browsing/File Sharing)</p>
<blockquote>
  <p>TCP Ports 137, 139 and 445.<br>
  UDP Ports 137-139.<br>
  <br>
  Also, <a href="samba.htm">see this page</a>.</p>
</blockquote>

  <p>Traceroute</p>
<blockquote>
  <p>UDP ports 33434 through 33434+<i>&lt;max number of hops&gt;</i>-1</p>
</blockquote>
  <p>NFS</p>
<blockquote>
  <p>There's some good information at&nbsp;
  <a href="http://nfs.sourceforge.net/nfs-howto/security.html">
  http://nfs.sourceforge.net/nfs-howto/security.html</a></p>
</blockquote>
  <p>Didn't find what you are looking for -- have you looked in your own
  /etc/services file? </p>

  <p>Still looking? Try
  <a href="http://www.networkice.com/advice/Exploits/Ports">
  http://www.networkice.com/advice/Exploits/Ports</a></p>

<p><font size="2">Last updated 8/21/2002 - </font><font size="2">
<a href="support.htm">Tom
Eastep</a></font> </p>
<font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> 
� <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></body></html>