
I am installing an application on Fedora Core 14 that uses a lot of sockets (eight of them) for TCP communication between various servers, all running on the same localhost. I've been trying to find some info on what ports are generally open on linux, but am not having any luck.

The default config file is set up to use 4449 and 12001-12007. Are these ports open for internal comms, or do I have to create selinux exceptions?

John Gardeniers

4 Answers

If the application has proper SELinux policy shipped with it, creating sockets will be allowed in the policy.

If there is no policy for the application, it'll run as either unconfined_t (if started by you, directly), or initrc_t (if started through sysvinit). SELinux will not trouble you if you run in one of those two contexts.

You only need to add to the existing SELinux policy if the policy does not suffice for you, and that generally only happens if you are running an application that is confined but buggy or incomplete, or you are doing exotic things with the application.

wzzrd

netstat -an will show you which ports are open and in use (the '-n' part means show you numeric results as opposed to symbolic port names).

You may need to adjust the firewall settings too though, either using a graphical firewall config utility or the iptables command line if you'd prefer that.

Wes Hardaker

A port is open if a program is listening on that port. Until then, the port is closed (or better, there is no socket opened listening on that port). In addition, the lowest port numbers (1-1023) are generally reserved for system processes that are used for well-known network services (web servers, ftp, ssh, etc.) and you need privileges to open a socket listening in that range.

Heisenbug

lsof -i4 or lsof -i6 will list what files are using which IPv4 ports and which IPv6 ports respectively.

The /etc/services file contains a list of which programs are generally known to run on which ports. However, there is nothing forcing a particular program to use a particular port, so don't take /etc/services as the one and only way you'll ever find things set up. People, either by accident or on purpose, move programs to "non-standard" ports... sometimes for malicious reasons, sometimes not.

I've been trying to find some info on what ports are generally open on linux, but am not having any luck.

It's difficult to comment on what ports are open on a "typical" installation, because, given the differences between distributions and the myriad of situations Linux can be used in, there's really no golden standard here other than run only as many programs as you absolutely have to.

I suggest you start with Fedora Core 14's Security document to help make that determination yourself.

The default config file is set up to use 4449 and 12001-12007. Are these ports open for internal comms, or do I have to create selinux exceptions?

Port numbers below 1024 are generally reserved for core network services and require superuser privileges to bind a program to. Ports between 1024 and 65535 are referred to as ephemeral ports and are treated differently. They are generally used for the client side of the TCP interaction. I'm not sure whether this addresses your question about whether they are open for internal communication, but you are best advised not to change them unless you have a good reason to. The netstat -an command suggested by Wes Hardaker will show you whether or not they are available to any interface other than 127.0.0.1 and thus not limited to just internal loopback connections.

As for SELinux... it's a complicated beast. wzzrd's answer is a great place to start, as well as the SELinux section in the Security Guide.
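The check that Wes Hardaker's answer and the answer above describe (run netstat -an, see whether anything already listens on 4449 and 12001-12007, and whether each listener is bound to 127.0.0.1 or to every interface) can be scripted. The block below is an added example, not code from the original thread; the netstat output it parses is constructed for the demo, and the two helper names are my own. It counts only LISTEN entries, because an ESTABLISHED line on one of those ports is a client connection in flight, not a server socket holding the port.

```shell
#!/bin/sh
# Added example: classify the application's configured ports against
# `netstat -an` output. Constructed sample output for the demo (not from a
# real host); replace it with "$(netstat -an)" or "$(ss -ltn)" on a live box.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:4449          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12003           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:12004         127.0.0.1:41022         ESTABLISHED
tcp6       0      0 :::12005                :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# port_scope PORT [OUTPUT]  (hypothetical helper name)
# Prints "free"     if no TCP socket is listening on PORT,
#        "loopback" if every listener on PORT is bound to 127.0.0.1 or ::1,
#        "all"      if some listener is bound to a wildcard or non-loopback
#                   address, i.e. reachable from other hosts unless the
#                   firewall blocks it.
# Assumes the local address is column 4, which holds for both `netstat -an`
# (state in the last column) and `ss -ltn` (state in the first column).
port_scope() {
    port=$1
    input=${2:-$SAMPLE_NETSTAT}
    printf '%s\n' "$input" | awk -v port="$port" '
        ($1 ~ /^tcp/ && $NF == "LISTEN") || $1 == "LISTEN" {
            n = split($4, f, ":")            # port is the text after the last ":"
            if (f[n] != port) next
            addr = substr($4, 1, length($4) - length(f[n]) - 1)
            if (addr == "127.0.0.1" || addr == "::1") lo = 1
            else other = 1
        }
        END {
            if (other)   print "all"
            else if (lo) print "loopback"
            else         print "free"
        }'
}

# report_ports PORT...  (hypothetical helper name): one line per port
report_ports() {
    for p in "$@"; do
        printf '%s %s\n' "$p" "$(port_scope "$p")"
    done
}

# The eight ports from the question's default config
report_ports 4449 12001 12002 12003 12004 12005 12006 12007
```

In the sample, 4449 reports "loopback" (already taken, but only on 127.0.0.1), 12003 and 12005 report "all" (12005 via a tcp6 wildcard bind, which on Linux normally accepts IPv4 clients too), 12004 reports "free" despite the ESTABLISHED line, and the rest are free. A port that comes back "free" is available to bind; whether it is reachable from other machines is then a matter of the bind address the application uses and the iptables rules, not of the port number.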