Environment
Reflection for HP version 14.x
Reflection for ReGIS Graphics version 14.x
Reflection for UNIX and OpenVMS version 14.x
Reflection X version 14.x
Reflection FTP Client version 14.x
Reflection LPD version 14.0 through 14.0 SP7
Situation
This technical note lists the TCP and UDP ports used by Reflection applications and components. This information is useful for troubleshooting, and when configuring a firewall to allow Reflection connections.
Resolution
Important Security Notes:
- Creating a secure network environment is a complex task involving many custom elements designed to fit your individual network environment and security needs. The information provided in this note does not include all necessary security options for your environment. This information is designed only to provide Reflection customers with a framework on which to start building individual security environments.
- When configuring a firewall, be as restrictive as possible. Open only ports and IP protocols that are necessary for the connection types you intend to use, and be specific about whether the connection should be incoming or outgoing. The direction of the connection depends on where the connection is initiated and the protocol in use. For example, an active FTP connection requires the initiating computer to have outgoing port 21/tcp (command channel) and incoming port 20/tcp (data channel) open.
- The lists below specify only default Reflection ports. Depending on your network environment, you may need to configure additional port values.
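One way to check a rule set against the guidance above, as an added example that is not part of the original technical note. The rule tuple format, the connection-type names and the sample rules are assumptions constructed for illustration; the port numbers are the ones listed in this note.

```python
# Added example: audit a firewall rule list against the connection types in use.
# Port numbers come from the tables in this note; the rule format is hypothetical.

# (direction, protocol, port) needed per connection type, seen from the Reflection PC.
REQUIRED = {
    "ssh":        {("out", "tcp", 22)},
    "active-ftp": {("out", "tcp", 21), ("in", "tcp", 20)},  # command + data channel
    "telnet-ssl": {("out", "tcp", 992)},
}

def audit(rules, in_use):
    """rules: [(name, direction, proto, low_port, high_port)].

    Returns (findings, missing): rules that are broader than needed, and
    required entries that no direction-specific rule covers.
    """
    needed = set().union(*(REQUIRED[c] for c in in_use))
    findings, covered = [], set()
    for name, direction, proto, lo, hi in rules:
        if direction not in ("in", "out"):
            # The note asks for rules that state incoming or outgoing explicitly.
            findings.append((name, "direction not specified"))
            continue
        hits = {n for n in needed
                if n[0] == direction and n[1] == proto and lo <= n[2] <= hi}
        covered |= hits
        extra = (hi - lo + 1) - len(hits)
        if extra:
            findings.append((name, f"opens {extra} port(s) no connection type needs"))
    return findings, sorted(needed - covered)

# Constructed sample rule set (not taken from a real firewall).
SAMPLE_RULES = [
    ("ssh-out",     "out", "tcp", 22, 22),
    ("ftp-cmd-out", "out", "tcp", 21, 21),
    ("ftp-any",     "any", "tcp", 20, 21),   # no direction given
    ("ftp-in",      "in",  "tcp", 21, 23),   # wrong direction and too wide
]

if __name__ == "__main__":
    findings, missing = audit(SAMPLE_RULES, ["ssh", "active-ftp"])
    for name, why in findings:
        print(f"{name}: {why}")
    print("not covered by a direction-specific rule:", missing)
```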
Port Values
The tables below detail the port values for service protocols supported by the following Reflection applications. Whether or not the port should be configured for incoming or outgoing data depends on where the connection is initiated from and your network configuration.
Reflection PC X Server and NFS Client Applications—Includes Reflection X, Reflection NFS Client.
Reflection Components—Includes Reflection FTP, Reflection TimeSync, Reflection Line Printer Daemon (LPD), Reflection Ping.
The values used by Reflection are IANA (Internet Assigned Numbers Authority) and other standard values.
Reflection Windows-Based Applications
The following ports and service protocols are used in Reflection for IBM, Reflection for UNIX and OpenVMS, Reflection for ReGIS Graphics, and Reflection for HP.
Application abbreviation key:
RUO - Reflection for UNIX and OpenVMS
RRG - Reflection for ReGIS Graphics
RHP - Reflection for HP
| Port / IP Protocol | Service Protocol | Comment | RIBM | RUO | RRG | RHP |
|---|---|---|---|---|---|---|
| 20/tcp | FTP-data | Data channel | | X | X | X |
| 21/tcp | FTP | Command channel | | X | X | X |
| 22/tcp | SSH | Secure Shell, sftp, scp | | X | X | X |
| 23/tcp | Telnet | Telnet; TN3270; TN3270; TN5250 | X | X | X | X |
| 42/tcp | Nameserver | Hostname to IP address | X | X | X | X |
| 53/udp/tcp | DNS | Domain Name Services | X | X | X | X |
| 80/tcp | HTTP | Unsecure HTTP via Reflection Web Launch and Reflection for the Web | X | X | X | X |
| 88/udp/tcp | Kerberos | Kerberos authentication | X | X | X | X |
| 443/udp/tcp | https | Secure http via Reflection Web Launch and Reflection for the Web | X | X | X | X |
| 443/udp/tcp | kpasswd | Kerberos password changing (kpasswd daemon) | X | X | X | X |
| 513/tcp | login | rlogin | | X | X | X |
| 749/udp/tcp | kerberos-adm | Kerberos password changing (v5passwdd daemon) | X | X | X | X |
| 992/tcp | telnet | SSL-secured Telnet | X | X | X | X |
| 1080/udp/tcp | socks | SOCKS | X | X | X | X |
| 1024-5000 | VAXLINK2 FFT | Fast file transfer | | X | X | X |
| 1530 1537 | NS/VT | Network Services, Virtual Terminal | | X | X | X |
| 1649/udp/tcp | kermit | Kermit file transfer | | X | X | X |
| 8471/tcp | lipi | AS/400 LIPI file transfer | X | | | |
| 8476/tcp | lipi | AS/400 signon server port | X | | | |
| 8478/tcp | ehntfw | AS/400 EHNTFW file transfer | X | | | |
| 30000-40000 | PCLINK FFT | Fast file transfer | | X | X | X |
Reflection PC X Server and NFS Client Applications
The following ports and service protocols are used in Reflection X and Reflection NFS Client.
Note the following:
- Reflection X XDMCP broadcasts and Reflection NFS Client connections do not use well-known port numbers and cannot be used through a firewall.
- Beginning in version 14.1, the Reflection NFS Client is no longer available.
Application abbreviation key:
NFS - Reflection NFS Client
| Port / IP Protocol | Service Protocol | Comment | RX | NFS |
|---|---|---|---|---|
| 22/tcp | SSH | Secure Shell, sftp, scp | X | |
| 23/tcp | Telnet | Telnet; TN3270; TN3270; TN5250 | X | |
| 42/tcp | Nameserver | Hostname to IP address | X | X |
| 53/udp/tcp | DNS | Domain Name Services | X | X |
| 80/tcp | HTTP | Unsecure HTTP via Reflection Web Launch and Reflection for the Web | X | |
| 88/udp/tcp | Kerberos | Kerberos authentication | X | |
| 111 | Sunrpc | Portmapper | | X |
| 177/udp | XDMCP Broadcast | X Display Manager | X | |
| 443/udp/tcp | https | Secure http via Reflection Web Launch and Reflection for the Web | X | |
| 443/udp/tcp | kpasswd | Kerberos password changing (kpasswd daemon) | X | |
| 512/tcp | exec | rexec | X | |
| 513/tcp | login | rlogin | X | |
| 514/tcp | shell | rsh | X | |
| 635/udp | mount | NFS mount service | | X |
| 640/udp | pcnfs | PC-NFS DOS authentication | | X |
| 731/udp 733/udp | ypserv | NIS server and binder processes | | X |
| 732/tcp | ypserv | NIS server and binder processes | | X |
| 749/udp/tcp | kerberos-adm | Kerberos password changing (v5passwdd daemon) | X | |
| 1080/udp/tcp | socks | SOCKS | X | |
| 2049/udp/tcp | nfsd | NFS file service | | X |
| 6000/tcp | X Protocol | Incoming ports for RX clients | X | |
| 7000/tcp | fs | X font server | X | |
| 7100/tcp | xfs | X font server | X | |
Reflection Components
The following ports and service protocols are used in Reflection FTP, Reflection TimeSync, Reflection Line Printer Daemon (LPD), and Reflection Ping.
Note: Beginning in version 14.1, the following components are no longer available: TimeSync, LPD, and Ping. If you have any of these utilities installed on your system, they are removed when you upgrade to 14.1.
Component abbreviation key:
LPD - Reflection Line Printer Daemon
| Port / IP Protocol | Service Protocol | Comment | RFTP | TimeSync | LPD | Ping |
|---|---|---|---|---|---|---|
| 7/icmp | Echo | Data echo | | | | X |
| 20/tcp | FTP-data | Data channel | X | | | |
| 21/tcp | FTP | Command channel | X | | | |
| 22/tcp | SSH | Secure Shell, sftp, scp | X | | | |
| 37/udp/tcp | Time | Timeserver | | X | | |
| 42/tcp | Nameserver | Hostname to IP address | X | X | X | X |
| 53/udp/tcp | DNS | Domain Name Services | X | X | X | X |
| 88/udp/tcp | Kerberos | Kerberos authentication | X | | | |
| 123/udp | NTP | Network Time Protocol | | X | | |
| 443/udp/tcp | kpasswd | Kerberos password changing (kpasswd daemon) | X | | | |
| 515/tcp | printer | spooler | | | X | |
| 520/udp | route | routed | | | | X |
| 749/udp/tcp | kerberos-adm | Kerberos password changing (v5passwdd daemon) | X | | | |
| 1080/udp/tcp | socks | SOCKS | X | | | |