Ports required for Various Services/Applications
In addition to those applications described in the
/etc/shorewall/rules documentation, here are some other
services/applications that you may need to configure your firewall to accommodate.
NTP (Network Time Protocol)
UDP Port 123
UseNet (NNTP)
TCP Port 119
DNS
UDP Port 53. If you are configuring a DNS client, you will probably want to
open TCP Port 53 as well.
If you are configuring a server, only open TCP Port 53 if you will return long
replies to queries or if you need to enable zone transfers. In the latter
case, be sure that your server is properly configured.
ICQ
UDP Port 4000. You will also need to open a range of TCP ports which you
can specify to your ICQ client. By default, clients use 4000-4100.
PPTP
Protocol 47 (NOT PORT 47) and TCP Port 1723.
IPSEC
Protocols 50 and 51 (NOT PORTS 50 and 51) and UDP Port 500. These should be
opened in both directions if both ends can initiate the connection.
SMTP
TCP Port 25.
POP3
TCP Port 110.
TELNET
TCP Port 23.
SSH
TCP Port 22.
Auth (identd)
TCP Port 113
Web Access
TCP Ports 80 and 443.
FTP
Server configuration is covered in the
/etc/shorewall/rules documentation.
For a client, you must open outbound TCP port 21 and be sure that your
kernel is compiled to support FTP connection tracking. If you build this
support as a module, Shorewall will automatically load the module from
/var/lib/<kernel version>/kernel/net/ipv4/netfilter.
SMB/NMB (Samba/Windows Browsing/File Sharing)
TCP Ports 135, 139 and 445.
UDP Ports 137-139.
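The protocol-versus-port entries (PPTP, IPSEC) and the DNS server caveat above, written out as /etc/shorewall/rules entries. This is an added example, not part of the original page; the zone names net and fw, a default policy that drops unlisted traffic, and the secondary name server address 192.0.2.53 are assumptions.

```conf
#ACTION  SOURCE           DEST  PROTO  DEST PORT(S)

# PPTP: the control channel is TCP port 1723, the tunnel itself is
# IP protocol 47 (GRE). Protocol 47 goes in the PROTO column with no
# port; a tcp or udp rule for "port 47" would not match the tunnel.
ACCEPT   net              fw    tcp    1723
ACCEPT   net              fw    47

# IPSEC: IP protocols 50 (ESP) and 51 (AH) plus UDP port 500 for key
# exchange. Both directions are listed because either end may
# initiate the connection.
ACCEPT   net              fw    50
ACCEPT   net              fw    51
ACCEPT   net              fw    udp    500
ACCEPT   fw               net   50
ACCEPT   fw               net   51
ACCEPT   fw               net   udp    500

# DNS server: queries arrive on UDP port 53 from anywhere. TCP port 53
# is opened only for zone transfers, and only from the secondary
# server (192.0.2.53 is a constructed documentation address).
ACCEPT   net              fw    udp    53
ACCEPT   net:192.0.2.53   fw    tcp    53

# ICQ: UDP port 4000 plus the TCP range configured in the client;
# a port range is written low:high.
ACCEPT   net              fw    udp    4000
ACCEPT   net              fw    tcp    4000:4100
```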
Last updated 7/5/2001 - Tom Eastep