Which port does Ubuntu Software Center use?
I have installed the gufw firewall utility and want to make a whitelist of ports (want maximum security, but whitelisting single IPs is currently too tedious). I have so far only entered ports 53 (for DNS), 80 (for HTTP) and 443 (for HTTPS), both in- and outgoing, into the whitelist and closed the firewall, but Ubuntu Software Center can install programs without hindrance, whereas the firewall definitely is running (www content won't load when list entries are not present).
Is it using any of these ports for program data transfer? Seems strange to me. Or is there an overriding exception pre-defined in Ubuntu (this is a new setup, 12.04)? What is probably the case here, and what port does the Software Center use for program data (I assume it does use HTTP for the interface and list entries, but the programs themselves?)?
TLDR:
Why does Ubuntu Software Center get through my firewall which blocks all but DNS/HTTP/HTTPS (via blocking all other ports), so that it can install programs?
Which port does it use for the program data transfer?
Solution 1:
Here's what I found out by running Wireshark while installing a single application using the Ubuntu Software Centre:
- DNS requests (outgoing to UDP port 53 to your configured DNS server, for...) and HTTP (outgoing to TCP port 80 to...)
reviews.ubuntu.com
myapps.developer.ubuntu.com
software-center.ubuntu.com
- Everything about your local APT configuration (repositories configured). This is usually either HTTP or FTP and requires DNS as well of course. See your "Software Sources" to see what Ubuntu archives mirror you're using. If you can run
sudo apt-get update
without errors, you're all set.
Note: I did not find any HTTPS traffic. However, this may be the case for private PPAs (used for commercial software).
Solution 2:
If you block everything except ssh and run apt-get update it will return both the IPs and ports:
Err:2 http://archive.canonical.com/ubuntu xenial InRelease
Could not connect to archive.canonical.com:80 (91.189.92.191). - connect (111: Connection refused) [IP: 91.189.92.191 80]
Err:3 http://us-east1.gce.archive.ubuntu.com/ubuntu xenial InRelease
Could not connect to us-east1.gce.archive.ubuntu.com:80 (35.196.129.83). - connect (111: Connection refused) [IP: 35.196.129.83 80]
Err:4 http://us-east1.gce.archive.ubuntu.com/ubuntu xenial-updates InRelease
Unable to connect to us-east1.gce.archive.ubuntu.com:http: [IP: 35.196.129.83 80]
Err:5 http://us-east1.gce.archive.ubuntu.com/ubuntu xenial-backports InRelease
Unable to connect to us-east1.gce.archive.ubuntu.com:http: [IP: 35.196.129.83 80]
Err:6 http://security.ubuntu.com/ubuntu xenial-security InRelease
Could not connect to security.ubuntu.com:80 (91.189.88.162). - connect (111: Connection refused) [IP: 91.189.88.162 80]
Reading package lists...
Maybe better if you test on a real console and not a remote terminal. Unplug the LAN cable and run apt update then check the errors returned.