And of course,
never make any such port available "to the outside world."
If you need to channel the traffic through the Internet,
always use an OpenVPN tunnel, properly secured with one-of-a-kind digital certificates and
tls-auth. The port-mapper and all other daemons should be listening
only to the virtual IP-addresses created by the OpenVPN software-router, and be communicating with their peers only through the tunnel. Direct access (going and coming) should be blocked by firewalls.