Ok, here's the full list:FS2002:
UDP 2300 to 2400FS2004 and FSX:
UDP 23456 (or your "2004 host port" on Server / Options / Session tab)
UDP 2302 to 2400 (not necessary if also forwarding 2300 to 2400 for FS2002)Remote (web) Access, and for FSHostSpy to be able to find your session:
TCP 80 (or your Remote Access port on Server / Options / Remote Access tab)FSNavigator:
Actually though, I don't believe the FSNavigator port is actually needed, but it probably won't hurt anything. It generally ends up switching over to the same ports that FS uses.
You asked about using other ports like 23457 and 8, and why you can sometimes connect on those ports as well. When FS2004 (or FSHostClient for FSX, it works the same as FS2004) connects to a session, it actually tries to connect on two ports: 23456 and the "alternate DirectPlay port" 6073. If it can't find a session on 23456, it usually finds it on 6073, and the host then replies back from 23456 anyway. From that point on, they usually switch to 23456, but if all else fails they sometimes switch to a random port in the range of 2302 to 2400. So let's say you tried connecting on 23457, or even something crazy like 33457. Since nothing on the host side is listening to that port, the request to that port will be ignored. But FS2004 still tries the default port 23456 anyway, and it still tries the alternate port 6073 as well. So it's trying three ports now. And the host will usually answer on 23456 either way, and they'll settle on that port. The point I'm making here is that you can actually try on any port you want, because FS2004 will still try 23456 and 6073 in addition to whatever port you pick, and one of those will usually work. And since nothing on the host side is listening to 23457 or 33457, there's no reason to forward those ports.
You might remember reading in the FSHost help that if you're running both FSHost and FS2004 on the same machine, you have to change FS2004 to search on a different port like 23457, because if you try to search on the default 23456 it won't find the host. The reason this works is that you can't have two programs using 23456, and also because when it searches on 23457, that port is never answered, but it also searches 23456 (which also isn't answered) and 6073, which is answered, and voila! it all works out.
Now hopefully you understand more about why I said the FSNavigator port probably isn't needed. Because when it connects to a session, it does it the same way that FS2004 does, and since FSHost doesn't actually do anything with 23432, it'll still work out when FSNavigator tries 6073 and everything switches over to 23456. Exactly the same way you have to change FS2004 on the same machine as FSHost, to use any port other than 23456 because it's already in use. And to make things even more unclear, all of this discussion about FSNavigator and 23432 only applies to the FS2004 version of FSNavigator. The FS2002 version uses the FS2002 ports just like FS2002 does when it's connecting.
And for those not familiar with how to forward ports in your router, try this web site, which has lots of help on all the various types of routers: http://www.portforward.com
Clear as mud?