In case you’ve ever wondered how to figure out which type of port your traffic is using (source/destination) for the purposes of setting up iptables (with or without webmin), here’s a little help.

The truth of the matter is that it varies depending on the type of traffic, but you typically want to set the port as a destination port when you’re doing something like port forwarding. Here’s an example of  what’s going on for http traffic: a client computer doesn’t start it’s connection on port 80, it chooses a random, high-numbered port to open the connection on it’s side, so the source port could be 10843. The connection is going to port 80 on the server, since that’s what the server is listening on (unless you’re using a non-standard http port), so 80 is your destination port. This isn’t true for all types of traffic though, which confused me a bit this last week when setting up my firewall from scratch on a Ubuntu server. For something like ntp, the client actually starts it’s request on port 123 (source), and ends up at 123 on the ntp server (destination). So for ntp, you could theoretically set a firewall rule that used 123 as the source port instead of destination port, and it would work, but doing so for port 80 for http traffic will not. Regarding the ntp port, I believe this is also why you can’t run the ntpdate command (a one time synchronization) when the ntp service is running. Both the client and server use the same port on both ends of the communication.