To allow printing access to your end users from a public network, you must allow the following ports:
80 - HTTP
443 - HTTPS
631 - IPP
To allow iPrint Appliance access to your administrators, you must allow the following ports:
80 - HTTP
443 - HTTPS
636 - LDAPS
389 - LDAP
524 - NCP
631 - IPP
9443 - Management Console
515 - LPR
22 - SSH
5353 - mDNS/UDP (AirPrint)
8080, 8081, 8443, 8444, and 8649 (Ganglia Configuration)