Here is a brief summary of the ports and protocols used by ActiveSync, and their directions, to help with firewall configuration.
| Direction | Source Port | Destination Port | Name | Description | Used by | Seen in |
|---|---|---|---|---|---|---|
| IN | any | 53/udp | domain | ? | ? | WM2003SE |
| IN | 68/udp | 67/udp | DHCP | Used to set device IP | ? | WM2003SE,WM5,WM6 |
| IN | any | 990/tcp | ? | handshake | odccm, vdccm | all versions |
| IN | 5353/udp | 5353/udp | mdns | Multicast DNS | avahi-daemon | WM5,WM6 |
| IN | any | 5678/tcp | rrac | Remote Replication Agent Connection | ? | ? |
| IN | any | 5679/udp | dccm | Direct Cable Connect Manager | odccm,vdccm | all versions |
| IN | any | 5721/tcp | dtpt | Desktop Passthru | ? | WM5,WM6 |
| IN | any | 7438/tcp | ? | ? | ? | WM5,WM6 |
Here are some firewall configuration examples for common distributions:
IPTables based
Add the following rules to your system's firewall configuration:
```shell
# PPP / Windows Mobile < 5
iptables -A INPUT -i ppp+ -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i ppp+ -m state --state NEW -m udp -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A INPUT -i ppp+ -m state --state NEW -m tcp -p tcp --dport 990 -j ACCEPT
iptables -A INPUT -i ppp+ -m state --state NEW -m tcp -p tcp --dport 5678 -j ACCEPT
iptables -A INPUT -i ppp+ -m state --state NEW -m tcp -p tcp --dport 5679 -j ACCEPT
iptables -A INPUT -i ppp+ -m state --state NEW -m tcp -p tcp --dport 7438 -j ACCEPT

# RNDIS / Windows Mobile 5+
iptables -A INPUT -i rndis+ -m state --state NEW -m udp -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A INPUT -i rndis+ -m state --state NEW -m tcp -p tcp --dport 990 -j ACCEPT
iptables -A INPUT -i rndis+ -m state --state NEW -m udp -p udp --dport 5353 -j ACCEPT
iptables -A INPUT -i rndis+ -m state --state NEW -m tcp -p tcp --dport 5721 -j ACCEPT
iptables -A INPUT -i rndis+ -m state --state NEW -m udp -p udp --dport 5679 -j ACCEPT
```
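To confirm that the sync ports stay reachable only over the device links, the following added example (not part of the original page) reads a rule listing in `iptables -S` format and reports ACCEPT rules for the sync-specific ports that are not bound to a `ppp` or `rndis` interface. The function names, the set of ports audited and the sample ruleset are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page.
# Ports taken from the table above. 53, 67 and 5353 are left out on purpose
# (assumption): DNS, DHCP and mDNS are often opened for unrelated services.
SYNC_PORTS="990 5678 5679 5721 7438"

# Reads rules on stdin (format of `iptables -S`) and prints one line per finding:
#   EXPOSED <iface> <ports> :: <rule>
# <iface> is "*" when the rule has no -i match, and "!name" for a negated match.
# Handles --dport and comma lists from --dports; port ranges are not expanded.
audit_sync_rules() {
    awk -v ports="$SYNC_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) sync[p[i]] = 1 }
        $1 == "-A" && $2 == "INPUT" {
            iface = "*"; dports = ""; target = ""; hit = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") iface = ($(i - 1) == "!" ? "!" : "") $(i + 1)
                if ($i == "--dport" || $i == "--dports") dports = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            m = split(dports, d, ",")
            for (k = 1; k <= m; k++)
                if (d[k] in sync) hit = hit (hit == "" ? "" : ",") d[k]
            if (target != "ACCEPT" || hit == "") next
            # Only the PPP (pre-WM5) and RNDIS (WM5+) device links may reach these ports.
            if (iface ~ /^(ppp|rndis)[0-9+]*$/) next
            printf "EXPOSED %s %s :: %s\n", iface, hit, $0
        }'
}

# Constructed sample ruleset: two correctly scoped rules, three that expose
# sync ports too widely, and two rules the audit must ignore.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i ppp+ -m state --state NEW -m tcp -p tcp --dport 990 -j ACCEPT
-A INPUT -i rndis+ -m state --state NEW -m tcp -p tcp --dport 5721 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 990 -j ACCEPT
-A INPUT -i eth0 -m udp -p udp --dport 5679 -j ACCEPT
-A INPUT ! -i ppp+ -m tcp -p tcp --dport 5678 -j ACCEPT
-A INPUT -i eth0 -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -m tcp -p tcp --dport 7438 -j DROP
EOF
}

sample_rules | audit_sync_rules
```

On a live system, feed it the real ruleset with `iptables -S INPUT | audit_sync_rules`.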
