Firewall Information and Setup for Advanced Users
Last updated: September 11, 2009 8:53:10 AM PDT
Learn about advanced features and references for firewalls.
In the right place? Learn about basic firewall features on Firewall Overview.
A firewall is designed to block applications from sending information out or allowing it in. Problems arise when the firewall blocks legitimate applications. The following list gives commonly used, legitimate applications and the ports they use, so that you can add exceptions for these applications in your advanced firewall setup.
| Application | Port |
|---|---|
| Terminal Services (Remote Desktop) | TCP 3389 |
| iTunes Sharing | TCP 3689, UDP 5353 |
| X11 Forwarding | TCP 6000-6010 |
| FTP Server | TCP 21 |
| IMAP 3 (Mail server protocol) | TCP 220 |
| IMAP 4 (Mail server protocol) | TCP 143 |
| SMTP (Outgoing mail server) | TCP 25 |
| Apple Remote Desktop 2 | TCP 5900 |
| Timbuktu | TCP 407 |
| Retrospect Backup | TCP 497 |
| Microsoft Messenger Service | TCP 11565, UDP 9514 |
| POP3 (POP3 mail server) | TCP 110 |
| HTTP (Web server) | TCP 80 |
| HTTPS (Secure web server) | TCP 443 |
| SSH Server | TCP 22 |
| Telnet server | TCP 23 |
| Intermapper (Web services) | TCP 8181 |
Windows XP Advanced Internet Control Message Protocol (ICMP) Definitions
- Allow incoming echo request - Allows the local computer to reply to ICMP echo requests (ping), verifying that it is on the network
For security reasons, UCSD Network Security recommends disabling the following firewall options:
- Allow incoming timestamp request - Allows the local computer to reply to ICMP timestamp requests, which give the date set on the local machine
- Allow incoming mask request - Allows the local computer to respond to ICMP requests for the network and subnet currently set
- Allow incoming router request - Allows the local computer to respond to ICMP router advertisements/solicitations
- Allow outgoing destination unreachable - The local computer may inform an outside network whether or not it can access addresses locally
- Allow outgoing source quench - The local computer can issue source quench commands to ask another host to slow data transmission
- Allow outgoing parameter problem - The local computer can send information if ICMP messages have problems
- Allow outgoing time exceeded - The local computer may reply when a timeout is exceeded on ICMP requests
- Allow redirect - The local computer may reroute ICMP traffic on the local network
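
The ICMP options above can also be set from the command line. The batch file below is an added example, not part of the original page: it assumes Windows XP SP2 or later (the `netsh firewall` context) and an administrator prompt, and it maps each option name to the ICMP type number that `netsh` expects. Leaving echo request enabled and the subnet-limited Remote Desktop exception are assumptions chosen for illustration.

```batch
@echo off
rem Added example, not from the original page.
rem Requires Windows XP SP2+ (netsh firewall context) and administrator rights.

rem ICMP type numbers used by "netsh firewall set icmpsetting":
rem    3 = outgoing destination unreachable
rem    4 = outgoing source quench
rem    5 = redirect
rem    8 = incoming echo request
rem    9 = incoming router request
rem   11 = outgoing time exceeded
rem   12 = outgoing parameter problem
rem   13 = incoming timestamp request
rem   17 = incoming mask request

rem Echo request is the one option the page does not list for disabling.
rem Enabling it here is an assumption; use mode=disable to stop answering ping.
netsh firewall set icmpsetting type=8 mode=enable

rem Disable every option in the "recommends disabling" list.
for %%T in (13 17 9 3 4 12 11 5) do (
    netsh firewall set icmpsetting type=%%T mode=disable
)

rem One port exception from the table (Remote Desktop, TCP 3389).
rem scope=subnet limits the exception to the local subnet (assumption:
rem remote access is only needed from the same network segment).
netsh firewall add portopening protocol=TCP port=3389 name="Remote Desktop" mode=enable scope=subnet

rem Print the resulting state so the change can be verified.
netsh firewall show icmpsetting
netsh firewall show portopening
```

The two `show` commands list every ICMP option and port exception with its current mode, which makes it easy to confirm that only the intended entries are enabled.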