Default ports
Erigon use the following default port for each service:
| Component | Port | Protocol | Purpose | Should Expose |
|---|---|---|---|---|
| engine | 9090 | TCP | gRPC Server | Private |
| engine | 42069 | TCP & UDP | Snap sync (Bittorrent) | Public |
| engine | 8551 | TCP | Engine API (JWT auth) | Private |
| Sentry | 30303 | TCP & UDP | eth/68 peering | Public |
| Sentry | 30304 | TCP & UDP | eth/69 peering | Public |
| Sentry | 9091 | TCP | incoming gRPC Connections | Private |
| RPC Daemon | 8545 | TCP | HTTP & WebSockets & GraphQL | Private |
| mcp | 8553 | TCP | MCP server (AI assistants) | Private |
| shutter | 23102 | TCP | Peering | Public |
Typically, 30303 and 30304 are exposed to the internet to allow incoming peering connections. 9090 is exposed only internally for RPC Daemon or other connections, (e.g. RPC Daemon -> erigon). Port 8551 (JWT authenticated) is exposed only internally for Engine API JSON-RPC queries from the Consensus Layer node.
To ensure proper P2P functionality for both the Execution and Consensus layers use a minimal configuration without exposing unnecessary services:
- Avoid exposing other ports unless necessary for specific use cases (e.g., JSON-RPC or WebSocket);
- Regularly audit your firewall rules to ensure they are aligned with your infrastructure needs;
- Use monitoring tools like Prometheus or Grafana to track P2P communication metrics.
Command-Line Switches for Network and Port Configuration
Here is a comprehensive list of port-related options:
Engine
--private.api.addr [value]: Erigon's internal gRPC API, empty string means not to start the listener (default:127.0.0.1:9090)--txpool.api.addr [value]: TxPool api network address, (default: use value of--private.api.addr)--torrent.port [value]: Port to listen and serve BitTorrent protocol (default:42069)--authrpc.port [value]: HTTP-RPC server listening port for the Engine API (default:8551)
Sentry
--port [value]: Network listening port (default:30303)--p2p.allowed-ports [value]: Allowed ports to pick for different eth p2p protocol versions (default:30303,30304,30305,30306,30307)--sentry.api.addr [value]: Comma separated Sentry addresses<host>:<port>,<host>:<port>(default127.0.0.1:9091)
RPC Daemon
--ws.port [value]: WS-RPC server listening port (default:8546)--http.port [value]: HTTP-RPC server listening port (default:8545)
Caplin
--caplin.discovery.port [value]: Port for Caplin DISCV5 protocol (default:4000)--caplin.discovery.tcpport [value]: TCP Port for Caplin DISCV5 protocol (default:4001)
BeaconAPI
--beacon.api.port [value]: Sets the port to listen for beacon api requests (default:5555)
MCP Server
The embedded MCP server is enabled by default. To disable it, pass --mcp.disable.
--mcp.disable: Disables the embedded MCP server (default:false)--mcp.addr [value]: MCP server listening address (default:127.0.0.1)--mcp.port [value]: MCP server listening port (default:8553)
Diagnostics
--diagnostics.endpoint.port [value]: Diagnostics HTTP server listening port (default:6062)
Shutter Network Default Ports
The default peering port for Shutter is 23102 (TCP), to change it use --shutter.p2p.listen.port <value>.
Bootstrap nodes are used to help new nodes discover other nodes in the network. By default, the embedded configuration values are used, but these can be overridden with --shutter.p2p.bootstrap.nodes <value>.
Shared ports
--pprof.port [value]: pprof HTTP server listening port (default:6060)--metrics.port [value]: Metrics HTTP server listening port (default:6061)--downloader.api.addr [value]: Downloader address<host>:<port>