All Products
Search

This Product

    Elastic Compute Service:Common ports

    Document Center

    Elastic Compute Service:Common ports

    Last Updated:Mar 27, 2026

    Understanding the default ports for typical applications helps you accurately configure security group rules. These rules allow your server to offer services, such as SSH connections or SMTP email, on the correct ports. This topic describes the common ports for ECS instances and provides use case examples.

    Background information

    When you add a security group rule, you must specify a port or a port range. The security group then decides whether to forward data to the ECS instance based on an allow or deny policy.

    For example, when you use an SSH client such as Xshell to remotely connect to an ECS instance, the security group detects an SSH request from the public network or internal network. The security group then checks whether the source IP address of the request is allowed by an inbound rule and whether port 22 is open. The security group allows the connection only if a rule matches the request.

    Important

    Some carriers mark ports such as 25, 135, 139, 444, 445, 5800, and 5900 as high-risk ports and block them by default. Even if you allow traffic on these ports in your security group rules, users in affected regions may still be unable to access them. Therefore, we recommend that you run your services on other non-high-risk ports.

    For more information about ports used by Windows Server system applications, see Microsoft documentationService overview and network port requirements for Windows.

    Common ports

    The following table describes the default ports for typical applications.

    Port

    Service

    Description

    21

    FTP

    The File Transfer Protocol (FTP) port for uploading and downloading files.

    22

    SSH

    The SSH port, used to connect to Linux instances by using a command-line tool or remote connection software such as PuTTY, Xshell, or SecureCRT. For specific instructions, see Connect to a Linux instance using a password.

    23

    Telnet

    The Telnet port, used to remotely log on to an ECS instance.

    25

    SMTP

    The Simple Mail Transfer Protocol (SMTP) port for sending email.

    Note

    For security reasons, port 25 on ECS instances is restricted by default. We recommend that you use an SSL-encrypted port, typically port 465, to send emails.

    53

    DNS

    The port for the Domain Name System (DNS).

    Note

    If you use an allowlist for outbound security group rules, you must allow traffic on UDP port 53 for domain name resolution to function.

    80

    HTTP

    Used for HTTP services, such as IIS, Apache, and Nginx.

    To learn how to troubleshoot issues with port 80, see Check whether TCP port 80 works as expected.

    110

    POP3

    Used for Post Office Protocol 3 (POP3) to receive email.

    143

    IMAP

    Used for the Internet Message Access Protocol (IMAP) to receive email.

    443

    HTTPS

    Used for HTTPS services, which provide encrypted communication over a secure port.

    1433

    SQL Server

    The TCP port for SQL Server, used to provide external services.

    1434

    SQL Server

    The UDP port for SQL Server, used to obtain information such as the TCP/IP port number and IP address used by SQL Server.

    Important

    You need to open UDP port 1434 only if you use the SQL Server Browser service. If you do not use this service, we recommend that you close or restrict access to this port to improve security.

    1521

    Oracle

    The default service port for Oracle databases.

    3306

    MySQL

    The default service port for MySQL databases.

    3389

    Remote Desktop Services

    The port for Remote Desktop Services, used to connect to Windows instances. For more information, see Connect to a Windows instance by using a remote desktop connection or app.

    8080

    proxy port

    Like port 80, port 8080 is often used for WWW proxy services. If you use port 8080, you must append a colon and 8080 to the IP address when you access a website or use a proxy server (for example, IP address:8080). After you install the Apache Tomcat service, the default service port is 8080.

    137, 138, 139

    NetBIOS protocol

    The NetBIOS protocol is often used for Windows file and printer sharing, and for Samba.

    • UDP ports 137 and 138 are typically used for communication during file transfers in Network Neighborhood.

    • Port 139 is used to access NetBIOS/SMB services.

    5432

    PostgreSQL

    The default service port for PostgreSQL databases.

    6379

    Redis

    The default service port for Redis databases.

    Use case examples

    The following table provides examples of security group rule settings for some common use cases. For more examples, see Security group application guide and cases.

    Use case

    Network type

    Direction

    Policy

    Protocol

    Port range

    Object type

    Authorization object

    Priority

    Connect to a Linux instance over SSH

    Virtual Private Cloud (VPC)

    Inbound

    Allow

    Custom TCP

    SSH (22)

    CIDR block

    0.0.0.0/0

    1

    Connect to a Windows instance over RDP

    Virtual Private Cloud (VPC)

    Inbound

    Allow

    Custom TCP

    RDP (3389)

    CIDR block

    0.0.0.0/0

    1

    Ping an ECS instance from the public network

    Virtual Private Cloud (VPC)

    Inbound

    Allow

    All ICMP

    -1/-1

    CIDR block or security group

    Depends on the selected object type.

    1

    Use an ECS instance as a web server

    Virtual Private Cloud (VPC)

    Inbound

    Allow

    Custom TCP

    HTTP (80)

    CIDR block

    0.0.0.0/0

    1

    Upload or download files over FTP

    Virtual Private Cloud (VPC)

    Inbound

    Allow

    Custom TCP

    20/21

    CIDR block

    Specified IP address range

    1