<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Shorewall Port Information</title> <meta name="GENERATOR" content="Microsoft FrontPage 5.0"> <meta name="ProgId" content="FrontPage.Editor.Document"> </head> <body> <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1" bgcolor="#400169" height="90"> <tr> <td width="100%"> <h1 align="center"><font color="#FFFFFF">Ports required for Various Services/Applications</font></h1> </td> </tr> </table> <p>In addition to those applications described in <a href="Documentation.htm">the /etc/shorewall/rules documentation</a>, here are some other services/applications that you may need to configure your firewall to accommodate.</p> <p>NTP (Network Time Protocol)</p> <blockquote> <p>UDP Port 123</p> </blockquote> <p>rdate</p> <blockquote> <p>TCP Port 37</p> </blockquote> <p>UseNet (NNTP)</p> <blockquote> <p>TCP Port 119</p> </blockquote> <p>DNS</p> <blockquote> <p>UDP Port 53. If you are configuring a DNS client, you will probably want to open TCP Port 53 as well.<br> If you are configuring a server, only open TCP Port 53 if you will return long replies to queries or if you need to enable ZONE transfers. In the latter case, be sure that your server is properly configured.</p> </blockquote> <p>ICQ </p> <blockquote> <p>UDP Port 4000. You will also need to open a range of TCP ports which you can specify to your ICQ client. By default, clients use 4000-4100.</p> </blockquote> <p>PPTP</p> <blockquote> <p><u>Protocol</u> 47 (NOT <u>port</u> 47) and TCP Port 1723 (<a href="PPTP.htm">Lots more information here</a>).</p> </blockquote> <p>IPSEC</p> <blockquote> <p><u>Protocols</u> 50 and 51 (NOT <u>ports</u> 50 and 51) and UDP Port 500. 
These should be opened in both directions.</p> </blockquote> <p>SMTP</p> <blockquote> <p> TCP Port 25.</p> </blockquote> <p>POP3</p> <blockquote> <p>TCP Port 110.</p> </blockquote> <p>TELNET</p> <blockquote> <p>TCP Port 23.</p> </blockquote> <p>SSH</p> <blockquote> <p>TCP Port 22.</p> </blockquote> <p>Auth (identd)</p> <blockquote> <p>TCP Port 113</p> </blockquote> <p>Web Access</p> <blockquote> <p>TCP Ports 80 and 443.</p> </blockquote> <p>FTP</p> <blockquote> <p>Server configuration is covered in <a href="Documentation.htm#Rules">the /etc/shorewall/rules documentation</a>.</p> <p>For a client, you must open outbound TCP port 21 and be sure that your kernel is compiled to support FTP connection tracking. If you build this support as a module, Shorewall will automatically load the module from /var/lib/&lt;<i>kernel version</i>&gt;/kernel/net/ipv4/netfilter. </p> </blockquote> <p>SMB/NMB (Samba/Windows Browsing/File Sharing)</p> <blockquote> <p>TCP Ports 137, 139 and 445.<br> UDP Ports 137-139.<br> <br> Also, <a href="samba.htm">see this page</a>.</p> </blockquote> <p>Traceroute</p> <blockquote> <p>UDP ports 33434 through 33434+<i>&lt;max number of hops&gt;</i>-1</p> </blockquote> <p>NFS</p> <blockquote> <p>There's some good information at <a href="http://nfs.sourceforge.net/nfs-howto/security.html"> http://nfs.sourceforge.net/nfs-howto/security.html</a>.</p> </blockquote> <p>Didn't find what you are looking for -- have you looked in your own /etc/services file? </p> <p>Still looking? Try <a href="http://www.networkice.com/advice/Exploits/Ports"> http://www.networkice.com/advice/Exploits/Ports</a></p> <p><font size="2">Last updated 8/21/2002 - </font><font size="2"> <a href="support.htm">Tom Eastep</a></font> </p> <font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font> &copy; <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></body></html>