Installation guide
Public ports
‘Public ports’ are 49152 - 65535. These are up for grabs, so never rely on these ports delivering the same
service.
However, this is all entirely voluntary. Nothing stops you from running your web server using port 21 instead
of port 80, although it would not be sensible to do that. It is worthwhile remembering that writers of malicious
code (backdoors, Trojans etc.) do not have to follow convention regarding the port numbers they use. Nor
will it help you to try to disguise a web service behind an unusual port number. Most good port scanners not
only detect open ports but also find out what protocol is available through each port.
IANA has a comprehensive port list. Of those, the ones you are most likely to need are listed below.
Remember that these are the ports through which a service is requested; that is, they have to respond on the server side.
Most protocols allow the requesting client to choose an arbitrary port above 1023 to communicate with the
server. Hence, usually you don’t need to open these ports on the client side.
Workstations (computers that are not servers) can usually close all ports for incoming traffic without
compromising functionality. This means you can keep all incoming ports closed as long as you do not
operate a server (for external web services) behind the firewall.
Ports you are most likely to use
• Port 22 (SSH) – secure shell access, for remote management purposes, remote backups
etc. Keep closed if you do not need it.
• Port 53 (DNS) – name services, translating addresses like http://www.gpcg.org.au into a valid
TCP/IP address; outgoing only, close for incoming packets.
• Port 80 (HTTP) – world wide web. Open it if you operate a web server, otherwise close for
incoming packets.
• Port 25 (SMTP) – transfer of emails.
• Port 110 (POP3) – email server using POP3 protocol.
• Port 143 (IMAP4) – email server using alternative IMAP protocol.
• Port 995 (secure POP3) – instead of port 110, if your mail server supports the POP3 protocol
over TLS/SSL.
• Port 993 (secure IMAP4) – instead of port 143 if your mail server supports the IMAP4
protocol over TLS/SSL.
• Port 443 (SSL) – secure socket layer; web browsing or email exchange via secure encrypted
link.
Unless you are an expert who knows exactly what to do, you should not have any ports open in your firewall
other than the ones listed above, and you should only open those if they really need to be opened.
Once again: Close all ports, try your applications out, and only then, if something does not work, try opening
that port (for outbound traffic only at first, if your firewall configuration options allow this).
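To check a Linux machine against this advice, the following added example (not part of the original guide) compares listening TCP sockets with the port list above and reports only those reachable from other hosts. The `ss -H -tln` sample is constructed, and the function names are hypothetical.

```python
import ipaddress

# Ports from the guide's "Ports you are most likely to use" list.
GUIDE_PORTS = {22: "SSH", 25: "SMTP", 53: "DNS", 80: "HTTP", 110: "POP3",
               143: "IMAP4", 443: "SSL", 993: "secure IMAP4", 995: "secure POP3"}

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 [::1]:5432 [::]:*
LISTEN 0 5 192.168.1.10:50000 0.0.0.0:*
"""

def split_local(field):
    """Split ss's Local Address:Port field into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
    return addr, int(port)

def reachable_from_network(addr):
    """True unless the socket is bound to a loopback address only."""
    if addr in ("*", ""):
        return True                          # wildcard bind: every interface
    return not ipaddress.ip_address(addr).is_loopback

def audit(ss_output):
    """Return sorted (port, verdict) for listeners reachable from other hosts."""
    findings = {}
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        if not reachable_from_network(addr):
            continue                         # loopback-only: not exposed
        if port in GUIDE_PORTS:
            findings[port] = f"on guide list ({GUIDE_PORTS[port]}): keep only if needed"
        elif port >= 49152:
            findings[port] = "public range: identify the owning program"
        else:
            findings[port] = "not on guide list: close or justify"
    return sorted(findings.items())

if __name__ == "__main__":
    for port, verdict in audit(SAMPLE_SS):
        print(f"{port:>5}  {verdict}")
```

A listening socket is only the host's side of the picture; whether the port is actually reachable still depends on the firewall rules in front of it.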