For running Filecoin Lotus and IPFS nodes, here are the key ports you should consider opening:
## IPFS Ports
**Required:**
- **4001** (TCP/UDP) - P2P swarm port for peer-to-peer communication
- **5001** (TCP) - API server (localhost only by default - be careful about exposing this)
- **8080** (TCP) - Gateway server (localhost only by default)
## Filecoin Lotus Ports
**Required:**
- **1234** (TCP) - Default API port for Lotus daemon
- **1235** (TCP) - Default port for Lotus miner API (if running a miner)
**For Storage/Retrieval:**
- **1777** (TCP) - Default libp2p port for Lotus daemon
- **2345** (TCP) - Default port for storage deals (miners)
## Security Recommendations
1. **API Ports (1234, 1235, 5001)**: Only expose these if absolutely necessary and use proper authentication. Consider using SSH tunneling instead.
2. **Firewall Rules Example:**
```bash
# IPFS P2P swarm (TCP and UDP)
sudo ufw allow 4001
# Lotus P2P (TCP only)
sudo ufw allow 1777/tcp
# Only allow API access from specific IPs (replace YOUR_IP_ADDRESS)
sudo ufw allow from YOUR_IP_ADDRESS to any port 1234 proto tcp
sudo ufw allow from YOUR_IP_ADDRESS to any port 5001 proto tcp
```
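3. **Docker/Container Setup**: If using containers, map only the ports you need. Docker writes its own iptables rules for published ports, so the `ufw` rules above do not filter them; publish only what should be reachable: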
```bash
docker run -p 4001:4001 -p 1777:1777 ...
```
4. **Production Considerations:**
- Use reverse proxy (nginx/traefik) for HTTP endpoints
- Implement rate limiting
- Use SSL/TLS certificates
- Monitor port access logs
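
To check recommendation 1 on a running host, the following added example (not part of the original answer) reads `ss -H -tln` output and reports any of the API or gateway ports listed above that listen on a non-loopback address. The function names and the sample socket lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag API/gateway ports from this page that are bound to a
# non-loopback address. Input is `ss -H -tln` style lines on stdin.

SENSITIVE_PORTS="1234 1235 5001 8080"   # API and gateway ports named above

find_exposed_api_ports() {
  awk -v ports="$SENSITIVE_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    $1 == "LISTEN" {
      ep = $4                                   # local address:port column
      idx = match(ep, /:[0-9]+$/)               # port follows the last colon
      if (idx == 0) next
      addr = substr(ep, 1, idx - 1)
      port = substr(ep, idx + 1)
      if (!(port in watch)) next                # P2P ports are meant to be open
      # Loopback binds are safe; anything else is reachable from the network.
      if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
      print port " " addr
    }
  ' | sort -u
}

# Constructed sample of `ss -H -tln` output (not captured from a real host).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 4096 127.0.0.1:5001 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:4001 0.0.0.0:*
LISTEN 0 4096 *:1234 *:*
LISTEN 0 4096 [::1]:8080 [::]:*
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 [::]:1235 [::]:*
LISTEN 0 4096 0.0.0.0:1777 0.0.0.0:*
EOF
}

# Demo on the constructed sample; each output line is "<port> <bind address>".
# On a live host: ss -H -tln | find_exposed_api_ports
sample_ss_output | find_exposed_api_ports
```

Any port it prints should either be rebound to localhost or covered by a source-restricted firewall rule like the ones in item 2.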