Update readme ports (#8205)

.gitignore

@@ -88,3 +88,5 @@ __debug_bin
 caplin-recordings
 
 jwt.hex
+
+.tool-versions

README.md

@@ -530,60 +530,61 @@ Detailed explanation: [./docs/programmers_guide/db_faq.md](./docs/programmers_gu
 
 ### Default Ports and Firewalls
 
+
+
 #### `erigon` ports
 
-| Port  | Protocol  |        Purpose         | Expose  |
-|:-----:|:---------:|:----------------------:|:-------:|
-| 30303 | TCP & UDP |     eth/66 peering     | Public  |
-| 30304 | TCP & UDP |     eth/67 peering     | Public  |
-| 9090  |    TCP    |    gRPC Connections    | Private |
-| 42069 | TCP & UDP | Snap sync (Bittorrent) | Public  |
-| 6060  |    TCP    |    Metrics or Pprof    | Private |
-| 8551  |    TCP    | Engine API (JWT auth)  | Private |
+
+| Component | Port  | Protocol  | Purpose                     | Should Expose |
+| --------- | ----- | --------- | --------------------------- | ------------- |
+| engine    | 9090  | TCP       | gRPC Server                 | Private       |
+| engine    | 42069 | TCP & UDP | Snap sync (Bittorrent)      | Public        |
+| engine    | 6060  | TCP       | Metrics or Pprof            | Private       |
+| engine    | 8551  | TCP       | Engine API (JWT auth)       | Private       |
+| sentry    | 30303 | TCP & UDP | eth/68 peering              | Public        |
+| sentry    | 30304 | TCP & UDP | eth/67 peering              | Public        |
+| sentry    | 9091  | TCP       | incoming gRPC Connections   | Private       |
+| rpcdaemon | 8545  | TCP       | HTTP & WebSockets & GraphQL | Private       |
+
+
+
 
 Typically, 30303 and 30304 are exposed to the internet to allow incoming peering connections. 9090 is exposed only
 internally for rpcdaemon or other connections, (e.g. rpcdaemon -> erigon).
 Port 8551 (JWT authenticated) is exposed only internally for [Engine API] JSON-RPC queries from the Consensus Layer
 node.
 
-#### `RPC` ports
 
-| Port | Protocol |           Purpose           | Expose  |
-|:----:|:--------:|:---------------------------:|:-------:|
-| 8545 |   TCP    | HTTP & WebSockets & GraphQL | Private |
 
-Typically, 8545 is exposed only internally for JSON-RPC queries. Both HTTP and WebSocket and GraphQL are on the same
-port.
 
-#### `sentry` ports
 
-| Port  | Protocol  |     Purpose      | Expose  |
-|:-----:|:---------:|:----------------:|:-------:|
-| 30303 | TCP & UDP |     Peering      | Public  |
-| 9091  |    TCP    | gRPC Connections | Private |
+#### `caplin` ports
+| Component | Port | Protocol | Purpose          | Should Expose |
+| --------- | ---- | -------- | ---------------- | ------------- |
+| sentinel  | 4000 | UDP      | Peering          | Public        |
+| sentinel  | 4000 | UDP      | Peering          | Public        |
+| sentinel  | 4001 | TCP      | Peering          | Public        |
+| sentinel  | 7777 | TCP      | gRPC Connections | Private       |
 
-Typically, a sentry process will run one eth/xx protocol (e.g. eth/66) and will be exposed to the internet on 30303.
-Port
-9091 is for internal gRCP connections (e.g erigon -> sentry).
 
-#### `sentinel` ports
+If you are using `--internalcl` aka `caplin` as your consensus client, then also look at the chart above
 
-| Port | Protocol |     Purpose      | Expose  |
-|:----:|:--------:|:----------------:|:-------:|
-| 4000 |   UDP    |     Peering      | Public  |
-| 4001 |   TCP    |     Peering      | Public  |
-| 7777 |   TCP    | gRPC Connections | Private |
 
-#### Other ports
+#### `shared` ports
+
+| Component | Port  | Protocol  | Purpose                     | Should Expose |
+| --------- | ----- | --------- | --------------------------- | ------------- |
+| all       | 6060 | TCP      | pprof            | Private       |
+| all       | 6060 | TCP      | metrics          | Private       |
 
-| Port | Protocol | Purpose | Expose  |
-|:----:|:--------:|:-------:|:-------:|
-| 6060 |   TCP    |  pprof  | Private |
-| 6060 |   TCP    | metrics | Private |
 
 Optional flags can be enabled that enable pprof or metrics (or both) - however, they both run on 6060 by default, so
+
 you'll have to change one if you want to run both at the same time. use `--help` with the binary for more info.
 
+
+#### `other` ports
+
 Reserved for future use: **gRPC ports**: `9092` consensus engine, `9093` snapshot downloader, `9094` TxPool
 
 #### Hetzner expecting strict firewall rules