Services, Protocols, and Ports

Document revision 23-Oct-2002
This document applies to the MikroTik RouterOS V2.6

Overview

This document lists protocols and ports used by various MikroTik RouterOS services. It helps you to determine why your MikroTik router listens to certain ports, and what you need to block/allow if you want to prevent or grant access to the certain services. Please see the relevant sections of the Manual for more explanations.

Complete list of protocol numbers can be found at http://www.iana.org/assignments/protocol-numbers
Complete list of port numbers can be found at http://www.iana.org/assignments/port-numbers

Some service settings can be changed under /ip service menu. You can specify IP addresses from which the service is accessible, for example: 

[admin@MikroTik] ip service> set www port=8081 address=10.5.0.0/16              
[admin@MikroTik] ip service> print                                              
Flags: X - disabled, I - invalid 
  #   NAME                                             PORT  ADDRESS           
  0   telnet                                           23    0.0.0.0/0         
  1   ftp                                              21    0.0.0.0/0         
  2   www                                              8081  10.5.0.0/16       
[admin@MikroTik] ip service>

Below is list of protocols and ports used by MikoTik RouterOS services. Some services require additional package to be installed, as well as enabling them, e.g., bandwidth server. 

Port      Description
------------------------------------------------------------------------
20/tcp    File Transfer [Default Data]
21/tcp    File Transfer [Control] (Change under /ip service)
22/tcp    SSH Remote Login Protocol (Only with ssh package)
23/tcp    Telnet
53/tcp    Domain Name Server (Only with dns-cache package)
53/udp    Domain Name Server (Only with dns-cache package)
67/udp    Bootstrap Protocol Server, DHCP Server (only with dhcp package)
68/udp    Bootstrap Protocol Client, DHCP Client (only with dhcp package)
80/tcp    World Wide Web HTTP (Change under /ip service)
123/tcp   Network Time Protocol (Only with ntp package)
161/tcp   SNMP (Only with snmp package)
500/udp   IKE protocol (Only with ipsec package)
179/tcp   Border Gateway Protocol (Only with bgp package)
1719/udp  h323gatestat (Only with telephony package) 
1720/tcp  h323hostcall (Only with telephony package)
1723/tcp  pptp (Only with pptp package)
2000/tcp  bandwidth-test server
3986/tcp  proxy for winbox            
3987/tcp  sslproxy for secure winbox (Only with ssh package)            
5678/udp  MikroTik Neighbor Discovery
8080/tcp  HTTP Alternate (Only with web-proxy package, can be changed)
/1        ICMP - Internet Control Message
/4        IP - IP in IP (encapsulation)          
/47       GRE - General Routing Encapsulation (Only for pptp and eoip)
/50       ESP - Encap Security Payload for IPv6 (Only with ipsec package)
/51       AH - Authentication Header for IPv6 (Only with ipsec package)    
/89       OSPFIGP - OSPF Interior Gateway Protocol  
------------------------------------------------------------------------

© Copyright 1999-2002, MikroTik