BitTorrent by default uses ports in the range of 6881-6889. As of 3.2 and later, the range has been extended to 6881-6999. (These are all TCP ports, BitTorrent does not use UDP.) The client starts with the lowest port in the range and sequentially tries higher ports until it can find one to which it can bind. This means that the first client you open will bind to 6881, the next to 6882, etc. Therefore, you only really need to open as many ports as simultaneous BitTorrent clients you would ever have open. For most people it's sufficient to open 6881-6889.
The port range that BitTorrent uses is configurable, see the section on command line parameters, specifically the --minport and --maxport parameters.
The trackers to which BitTorrent must connect usually are on port 6969, so the client must have outbound access on this port. Some trackers are on other ports, however.
BitTorrent will usually work fine in a NAT (network address translation) environment, since it can function with only outbound connections. Such environments generally include all situations where multiple computers share one publicly-visible IP address, most commonly: computers on a home network sharing a cable or xDSL connection. If you are unsure of whether you have NAT or not, then try this link which will try to determine if you are behind a NAT gateway.
However, you will get better speeds if you can accept incoming connections as well. To do this you must use the "port forwarding" feature of whatever is performing the NAT/gateway task. For example, if you have a cable or DSL connection and a router/switch/gateway/firewall, you will need to go into the configuration of this device and forward ports 6881-6889 to the local machine that will be using BitTorrent. If your device makes it hard to enter a range of ports (if you must enter each one separately), then you can just do the first 10 or so ports, or however many simultaneous clients you plan to ever have open. If more than one person behind such a gateway wishes to use BitTorrent, then each machine should use a different port range, and the gateway should be configured to forward each port range to the corresponding local machine.
If you have one of these broadband router/NAT devices (such as the Linksys BEFSR41, D-Link DI-701/704, Netgear RT311, SMC Barricade, 3Com Home Ethernet Gateway, etc.) you will usually need to enter the web configuration of the device. If you're not sure, try
http://192.168.1.1 or sometimes
http://192.168.0.1. If you can't figure it out, try the manual for the device -- they are often on the manufacturer's web site in PDF form.