Essential Firewall Ports Configuration for Accessing External Git Repositories


When accessing external Git repositories, the following TCP ports must be open in your firewall:

  • Port 22: For SSH protocol connections (git@github.com:user/repo.git)
  • Port 443: For HTTPS protocol connections and Git's smart protocol over HTTPS
  • Port 9418: For legacy Git protocol (rarely used in modern setups)

Major Git hosting services may require additional ports:

# GitHub Enterprise additional ports
Port 8080 - HTTP alternate
Port 8443 - HTTPS alternate
Port 122 - SSH for management

For Linux iptables, add these rules:

sudo iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 9418 -j ACCEPT

For Windows Firewall using PowerShell:

New-NetFirewallRule -DisplayName "Allow Git HTTPS" -Direction Outbound -RemotePort 443 -Protocol TCP -Action Allow
New-NetFirewallRule -DisplayName "Allow Git SSH" -Direction Outbound -RemotePort 22 -Protocol TCP -Action Allow

Use these commands to test connectivity:

# Test SSH access
ssh -T git@github.com -p 22

# Test HTTPS access
curl -I https://github.com

# Test port connectivity
telnet github.com 443
nc -zv github.com 22

In corporate environments, you might need to:

  • Whitelist specific Git provider IP ranges
  • Configure proxy settings in Git
  • Use certificate pinning for additional security

# Git proxy configuration (http.proxy is also used for https:// remotes; Git has no https.proxy key)
git config --global http.proxy http://proxy.example.com:8080

When opening firewall ports:

  • Limit outbound connections to known Git providers
  • Implement SSH key authentication instead of passwords
  • Regularly audit firewall rules
  • Consider using VPN for additional security
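
One way to apply the first point above, limiting outbound connections to known Git providers, is to generate the rules from an allowlist instead of accepting any destination. This is an added example, not part of the original page: the CIDRs are documentation placeholders, `valid_cidr` and `emit_git_rules` are hypothetical helper names, and it assumes the OUTPUT chain policy is DROP.

```shell
#!/bin/sh
# Added example: print destination-restricted OUTPUT rules for Git traffic.
# Assumes the OUTPUT chain policy is DROP, so only these rules permit egress.
# The CIDRs are constructed documentation ranges (RFC 5737), not provider
# addresses; substitute the ranges your Git provider publishes.
GIT_CIDRS="192.0.2.0/24 198.51.100.0/24"
GIT_PORTS="22 443"   # SSH and HTTPS

# valid_cidr CIDR: succeed only for a well-formed IPv4 prefix a.b.c.d/1..32.
# A /0 is refused because it would recreate the allow-any-destination rule.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    len=${1##*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in '') return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# emit_git_rules CIDR...: print one ACCEPT rule per CIDR and port, or fail
# without printing any rule if any CIDR is malformed.
emit_git_rules() {
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "invalid CIDR: $cidr" >&2; return 1; }
    done
    for cidr in "$@"; do
        for port in $GIT_PORTS; do
            echo "iptables -A OUTPUT -d $cidr -p tcp --dport $port -j ACCEPT"
        done
    done
}

# Print the rules for review; nothing is applied to the running firewall.
emit_git_rules $GIT_CIDRS
```

The script only prints commands, so the output can be reviewed or diffed against the current rule set before anything is applied.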

When accessing external Git repositories, you typically need to open specific ports depending on the protocol being used:


# Common Git protocols and their default ports:
- git://        TCP 9418 (unencrypted)
- https://      TCP 443
- ssh://        TCP 22
- http://       TCP 80 (not recommended)

For major Git hosting services:


# GitHub requires:
- TCP 22 (SSH)
- TCP 443 (HTTPS)
- TCP 9418 (Git protocol - rarely used)

# GitLab typically uses:
- TCP 22 (SSH)
- TCP 443 (HTTPS)

When using SSH protocol, ensure your firewall allows outbound connections to port 22:


# Sample .gitconfig for SSH
[url "ssh://git@github.com/"]
    insteadOf = https://github.com/

In enterprise environments, you might need additional configurations:


# For authenticated HTTPS access behind proxy (http.proxy is also used for https:// remotes):
git config --global http.proxy http://proxy.example.com:8080

Test your connection using these commands:


# Test SSH connectivity:
ssh -T git@github.com

# Test HTTPS connectivity:
curl -I https://github.com

# Test Git protocol:
git ls-remote git://github.com/git/git.git

Some hosts use non-standard ports for SSH:


# In ~/.ssh/config
Host git.example.com
    HostName git.example.com
    Port 2222
    User git