Port requirements for S3 File Gateway
Storage Gateway requires the following ports for its operation. Some ports are common to all gateway types and are required by all gateway types. Other ports are required by specific gateway types. In this section, you can find an illustration of the required ports and a list of the ports required by each gateway type.
File Gateways
The following illustration shows the ports to open for File Gateways' operation.
The following ports are common to all gateway types and are required by all gateway types.
From |
To |
Protocol |
Port |
How Used |
---|---|---|---|---|
Storage Gateway VM |
Amazon Web Services |
Transmission Control Protocol (TCP) |
443 (HTTPS) |
For communication from an Storage Gateway VM to an Amazon service endpoint. For information about service endpoints, see Allowing Amazon Storage Gateway access through firewalls and routers. |
Your web browser |
Storage Gateway VM |
TCP |
80 (HTTP) |
By local systems to obtain the Storage Gateway activation key. Port 80 is used only during activation of a Storage Gateway appliance. A Storage Gateway VM doesn't require port 80 to be publicly accessible. The required level of access to port 80 depends on your network configuration. If you activate your gateway from the Storage Gateway Management Console, the host from which you connect to the console must have access to your gateway’s port 80. |
Storage Gateway VM |
Domain Name Service (DNS) server |
User Datagram Protocol (UDP)/UDP |
53 (DNS) |
For communication between a Storage Gateway VM and the DNS server. |
Storage Gateway VM |
Amazon Web Services |
TCP |
22 (Support channel) |
Allows Amazon Web Services Support to access your gateway to help you with troubleshooting gateway issues. You don't need this port open for the normal operation of your gateway, but it is required for troubleshooting. |
Storage Gateway VM |
Network Time Protocol (NTP) server |
UDP |
123 (NTP) |
Used by local systems to synchronize VM time to the host time. A Storage Gateway VM is configured to use the following NTP servers:
NoteNot required for gateways hosted on Amazon EC2. |
Amazon Storage Gateway Hardware Appliance |
Hypertext Transfer Protocol (HTTP) proxy |
TCP |
8080 (HTTP) |
Required briefly for activation. |
The following table lists the required ports that must be opened for a File Gateway using either the Network File System (NFS) or Server Message Block (SMB) protocol. These port rules are part of your security group definition.
Rule | Network Element | File Share Type | Protocol | Port | Inbound | Outbound | Required? | Notes |
---|---|---|---|---|---|---|---|---|
1 | File share client | NFS | TCP/UDP Data | 111 | ✓ | ✓ | ✓ | File sharing data transfer (for NFS only) |
TCP/UDP NFS | 2049 | ✓ | ✓ | ✓ | File sharing data transfer (for NFS only) | |||
TCP/UDP NFSv3 | 20048 | ✓ | ✓ | ✓ | File sharing data transfer (for NFS only) | |||
SMB | TCP/UDP SMBv2 | 139 | ✓ | ✓ | ✓ | File sharing data transfer session service (for SMB only); replaces ports 137–139 for Microsoft Windows NT and later | ||
TCP/UDP SMBv3 | 445 | ✓ | ✓ | ✓ | File sharing data transfer session service (for SMB only); replaces ports 137–139 for Microsoft Windows NT and later | |||
2 | Web browser | NFS and SMB | TCP HTTP | 80 | ✓ | ✓ | ✓ | Amazon Web Services Management Console (activation only) |
TCP HTTPS | 443 | ✓ | ✓ | ✓ | Amazon Web Services Management Console (all other operations) | |||
3 | DNS | NFS and SMB | TCP/UDP DNS | 53 | ✓ | ✓ | ✓ | IP name resolution |
4 | NTP | NFS and SMB | UDP NTP | 123 | ✓ | ✓ | ✓ | Time synchronization service NoteNot required for gateways hosted on Amazon EC2. |
5 | Microsoft Active Directory | SMB | UDP NetBIOS | 137 | ✓ | ✓ | ✓ | Name service (not used for NFS) |
UDP NetBIOS | 138 | ✓ | ✓ | ✓ | Datagram service | |||
TCP/UDP LDAP | 389 | ✓ | ✓ | Microsoft Active Directory - Directory System Agent (DSA); client connection | ||||
TCP/UDP Kerberos | 88 | ✓ | ✓ | |||||
TCP Distributed Computing Environment/End Point Mapper (DCE/EMAP) | 135 | ✓ | ✓ | |||||
6 | Amazon S3 | NFS and SMB | HTTPS data | 443 | ✓ | ✓ | ✓ | Storage data transfer |
7 | Storage Gateway | NFS and SMB | TCP SSH | 22 | ✓ | ✓ | ✓ | Support channel |
TCP HTTPS | 443 | ✓ | ✓ | ✓ | Management control | |||
8 | Amazon CloudFront | NFS and SMB | TCP HTTPS | 443 | ✓ | ✓ | ✓ | For activation |