What This Port Does
Port 2377 is where Docker Swarm manager nodes listen for cluster management and Raft consensus communications. When you run docker swarm init, this is the port that opens. When worker nodes join a swarm, this is the port they connect to.
It's the command center. Workers receive tasks through it. Managers coordinate leadership through it. The Raft consensus algorithm — which keeps the cluster's state consistent across multiple managers — runs over it.
Docker Swarm's three ports divide responsibility cleanly:
| Port | Protocol | Purpose |
|---|---|---|
| 2377 | TCP | Cluster management, Raft consensus between managers |
| 7946 | TCP/UDP | Node-to-node communication and gossip |
| 4789 | UDP | Overlay network traffic (VXLAN) |
Port 2377 is the only one that needs to be reachable from worker nodes to manager nodes. The others are peer-to-peer between all nodes.
The Unregistered Squatter
Here's the awkward part: port 2377 is officially unassigned. IANA has no registered service for it.
Ports 2375 and 2376 — the Docker daemon's own HTTP and HTTPS ports — were formally registered with IANA. Someone filed the paperwork. Port 2377 was not. A GitHub issue opened in December 2016 asked Docker to fix this.1 As of 2026, the issue remains open and IANA still lists the port as unassigned.2
This isn't unusual. Docker chose the port, started using it, and millions of deployments followed. The IANA registry describes the Internet as it should be organized. Docker Swarm describes the Internet as it actually runs.
When You'll See It
You'll encounter port 2377 in firewall rules for any Docker Swarm deployment. The standard guidance:
- TCP 2377 must be open from worker nodes to manager nodes (not the reverse)
- If you have multiple manager nodes, TCP 2377 must be open between all managers
- Worker-to-worker traffic does not need this port
If you're debugging a Swarm join failure, a blocked port 2377 is the first thing to check.
Checking What's Listening
To see if something is running on port 2377 on your system:
If Docker Swarm is active on a manager node, you'll see dockerd listening here.
Why Unassigned Ports Matter
The registered port range (1024–49151) exists so applications can claim a number and others know to avoid it. When an application skips registration and just picks a number, it creates potential conflicts — two pieces of software assuming they own the same port.
In Docker Swarm's case, the risk is low. Port 2377 isn't claimed by anything else with significant deployment. But the principle holds: registration is how the Internet avoids collisions. Skipping it is a small act of squatting — usually harmless, occasionally not.
Frequently Asked Questions
האם דף זה היה מועיל?