Running nmap 127.0.0.1 on the gateway shows all the open ports.
The output is
PORT STATE SERVICE
9050/tcp open tor-socks
9100/tcp open jetdirect
9101/tcp open jetdirect
9102/tcp open jetdirect
9103/tcp open jetdirect
9110/tcp open unknown
9111/tcp open DragonIDSConsole
9200/tcp open wap-wsp
9207/tcp open wap-vcal-s
9220/tcp open unknown
Why are there so many ports open? What are they used for? They should be closed if not in use.
A lot references can be found by greping Whonix source code.
You can find most ports here:
And for any unknown ports still, please grep Whonix source code.
Thanks! All the ports were in the file you linked.
In theory - we could save some Whonix-Gateway RAM by using a mechanism similar to GitHub - Whonix/anon-ws-disable-stacked-tor / Dev/anon-ws-disable-stacked-tor - Whonix using systemd-socket-proxyd (systemd listens with a stub port and starts the actual service on demand) but this clashes with Tor, which has:
Does Whonix-Gateway RAM use less RAM with less open ports by Tor?
If there is something to it, we could perhaps auto generate Tor config and only on demand add ports to Tor’s config (when an application tried to use them) and then sudo systemctl reload tor@default after config update.
Or if we want to follow Tor Entry Guards - Whonix we could start a new Tor instance per application on demand. Still wouldn’t know how to handle the Tor ControlPort in that case. Perhaps only ControlPort for applications where we know these are going to use it.
[Any disk space issues with that due to multiple Tor state folders? ~ 7 MB per Tor data folder.]
I doubt having a few more ports open would increase RAM noticeably. Unless those ports could be used to connect to the Gateway and be used for malicious purposes, the advantages would be slim.