A network port is a communications channel between two computers. Each port is generally bound to a specific service on the computer (with some exceptions) which will answer or direct the traffic.
Ports work at Layer 4 of the Open Systems Intercommunication (OSI) model, often called the transport layer. Only these transport layer protocols such as TCP and UDP can determine destination ports for packets, since protocols at other OSI layers aren't aware of which ports are in use. However, this has little to no impact on overall networking as networking protocols and transport protocols are almost always used together.
How do network ports work?
Ports are also standardized. Across applications and the greater internet, certain port numbers (ranging from 0 to 65535) are reserved for different purposes. And while tens of thousands ports do exist, not all have widespread use. Here are some well-known and lesser-known port numbers:
Port 80 – HTTP traffic
Port 443 – Encrypted HTTPS traffic, while supporting services like DNS over HTTPS
Port 53 – Domain Name System (DNS) traffic, powering both DNS lookup and DNS resolution across the internet
Ports 20 and 21 – File Transfer Protocol (FTP) which allows file transfers between clients and servers
Port 22 – Supports Secure Shell (SSH) communications, which is one of multiple tunneling protocols enabling remote logins and file transfers between machines
Port 587 – Replacing port 25 in common use, this supports encrypted SMTP communication (unlike its predecessor).
Port 123 – Supports the Network Time Protocol (NTP), letting computer clocks sync and therefore supporting authentication (and ensuring users wake up on time).
Port 3389 – Supports the Remote Desktop Protocol (RDP), letting users connect remotely to their desktops from other devices.
Ports also introduce security risks. Services can be listening on unexpected ports (for example, a database server that should only be accessible locally can listen everywhere) or approved services can have security issues (like an attacker asking for a configuration file). For this reason, blocking unused ports is often recommended, and many network firewalls can help thwart potential attackers by disabling these.
Load balancers (such as HAProxy) can also be the only servers exposed to the public internet, and thus select which services external users may access (and apply web application firewalls and similar security layers) to help protect against opportunistic attackers. While this can prevent crucial traffic from passing through if misconfigured, a smart blocking strategy can sidestep this potential issue.
How does HAProxy handle network ports?
The HAProxy configuration contains one or more ‘bind’ lines which define which IP address and port combinations HAProxy will listen on (along with options such as encryption). From these bind lines HAProxy will inspect the traffic and follow its configuration, which can be used to send traffic headed to one port to multiple services. This even goes as far as inspecting client traffic and sending HTTPS traffic to different sets of servers.
Port management and configuration are central to HAProxy load balancing, as these directly impact the flow of traffic through the load balancer—including log message forwarding. To learn about port specification and binds within HAProxy, start with our frontends documentation.
