Updated on 2024-03-19 GMT+08:00

Common Ports Used by ECSs

When adding a security group rule, you must specify a port or port range for communications. Traffic is then allowed or denied if traffic matches this rule. Suppose a client requests to remotely log in to an ECS using SSH. When the request reaches the security group, the IP address and port of the client will be checked. If the IP address and the port match the allow rules in the security group, the request is allowed.

Table 1 lists some high-risk ports that are blocked by default. Even if you have added a security group rule to allow access over these ports, traffic over these ports in restricted regions is still denied. In this case, do not use these high-risk ports for your services.
Table 1 High-risk ports

Protocol

Port

TCP

42, 135, 137, 138, 139, 444, 445, 593, 1025, 1068, 1433, 1434, 3127, 3128, 3129, 3130, 4444, 4789, 5554, 5800, 5900, 8998, 9995, and 9996

UDP

135~139 1026 1027 1028 1068 1433 1434 4789 5554 9995 9996

Common Ports

Table 2 lists the common ports used by ECSs. You can configure security group rules to allow traffic to and from specified ECS ports. For details, see Adding a Security Group Rule. For more information about requirements for Windows, see Service overview and network port requirements for Windows.

Table 2 Common ports used by ECSs

Port

Protocol

Description

21

FTP

Used by FTP services for uploading and downloading files. For configuration examples, see Remotely Connecting to an ECS from a Local Server to Upload or Download FTP Files.

22

SSH

Used to remotely connect to Linux ECSs. For configuration examples, see Remotely Logging In to an ECS from a Local Server.

For details about how to log in to a Linux ECS, see Linux ECS Login Overview.

23

Telnet

Used to remotely log in to ECSs.

25

SMTP

Used to send emails.

For security purposes, TCP port 25 is disabled in the outbound direction by default. For details about how to open the port, see Why Is Outbound Access Through TCP Port 25 Restricted?

80

HTTP

Used to access websites over HTTP. For configuration examples, see Setting Up a Website on an ECS to Provide Services Externally.

110

POP3

Used to receive emails using Post Office Protocol version 3 (POP3).

143

IMAP

Used to receive emails using Internet Message Access Protocol (IMAP).

443

HTTPS

Used to access websites over HTTPS. For configuration examples, see Setting Up a Website on an ECS to Provide Services Externally.

1433

SQL Server

A TCP port of the SQL Server for providing services. For configuration examples, see Allowing External Instances to Access the Database Deployed on an ECS.

1434

SQL Server

A UDP port of the SQL Server for returning the TCP/IP port number used by the SQL Server. For configuration examples, see Allowing External Instances to Access the Database Deployed on an ECS.

1521

Oracle

Used for Oracle database communications. This port must be enabled on the ECSs where Oracle SQL Server is deployed. For configuration examples, see Allowing External Instances to Access the Database Deployed on an ECS.

3306

MySQL

Used by MySQL databases to provide services. For configuration examples, see Allowing External Instances to Access the Database Deployed on an ECS.

3389

Windows Server Remote Desktop Services

Used to connect to Windows ECSs. For configuration examples, see Remotely Logging In to an ECS from a Local Server.

For details about how to log in to a Windows ECS, see Windows ECS Login Overview.

8080

Proxy

Used by the WWW proxy service for web browsing, like port 80. If you use port 8080, you need to add :8080 after the IP address when you visit a website or use a proxy server. If Apache Tomcat is installed, its default service port is 8080.

137, 138, and 139

NetBIOS

Used for Windows files, printer sharing, and Samba.

  • Ports 137 and 138: UDP ports that are used when files are transferred using Network Neighborhood (My Network Places).
  • Port 139: Connections from this port try to access the NetBIOS/SMB service.