Difference between revisions of "Ports which should be opened"

From Kolmisoft Wiki
Line 12: Line 12:
* TCP/UDP 1720 - for H.323 Protocol
* TCP/UDP 1720 - for H.323 Protocol
* TCP/UDP 5038 - for Asterisk manager interface
* TCP/UDP 5038 - for Asterisk manager interface
* TCP/UDP 5948 - for Zabbix monitoring
* TCP/UDP 10050 - for Zabbix monitoring
* UDP 4000 - 4999 for T.38 support
* UDP 4000 - 4999 for T.38 support
* TCP/UDP 443 - For HTTPS (if used)
* TCP/UDP 443 - For HTTPS (if used)
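Review bot: on the Zabbix line the port changes from 5948 to 10050 but the protocol stays "TCP/UDP"; if the monitoring agent only needs TCP, list it as TCP 10050 so nobody opens UDP without a reason. The iptables section further down the page has no rule for TCP 10050, so either add one there or state which server the Zabbix port applies to.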

Revision as of 13:26, 19 December 2014

The following ports should be opened on, or forwarded to, the MOR server:

  • TCP 80 - for GUI/HTTP
  • TCP 22 - for SSH connection
  • TCP 25/465 - for SMTP / SMTP over SSL (TLS)
  • UDP 694 - for Heartbeat
  • TCP 3306 - for MySQL replication
  • TCP 3690 - for SVN connections
  • UDP 4569 - for IAX2 connection
  • UDP 5060 to 5070, 10000-20000 - for SIP connection
  • TCP/UDP 123 - Network Time Protocol
  • TCP/UDP 1720 - for H.323 Protocol
  • TCP/UDP 5038 - for Asterisk manager interface
  • TCP/UDP 10050 - for Zabbix monitoring
  • UDP 4000-4999 - for T.38 support
  • TCP/UDP 443 - for HTTPS (if used)

You can test which TCP ports are open using the nmap tool (replace the placeholder with your MOR server's IP address):

nmap -vv -P0 <MOR_server_IP>

https://www.virtualizationhero.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-server-ports.html


iptables config

For Asterisk server:

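# Accept loopback traffic and replies to connections the server itself opened;
# without these two rules the final DROP also discards that traffic.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
# Asterisk manager interface
iptables -A INPUT -p tcp --dport 5038 -j ACCEPT
iptables -A INPUT -p udp --dport 5038 -j ACCEPT
# IAX2, H.323, SIP signalling and media, T.38
iptables -A INPUT -p udp --dport 4569 -j ACCEPT
iptables -A INPUT -p udp --dport 1720 -j ACCEPT
iptables -A INPUT -p udp --dport 5060:5070 -j ACCEPT
iptables -A INPUT -p udp --dport 10000:20000 -j ACCEPT
iptables -A INPUT -p udp --dport 4000:4999 -j ACCEPT
# Drop everything else
iptables -A INPUT -j DROP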
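
To check a ruleset against the port list without touching a live firewall, the script below (an added example, not part of the original wiki page or the MOR project) replays the --dport rules and the final DROP from the Asterisk block with first-match semantics and prints the verdict for each listed port. The names RULES, verdict and audit are hypothetical, and the evaluator only understands -p, --dport and -j, which is all those rules use; it models new inbound connections arriving on a non-loopback interface.

```shell
#!/bin/sh
# Added example: offline first-match evaluation of INPUT rules (no root needed).
# RULES holds the --dport rules and final DROP from the "For Asterisk server" block.
RULES='-A INPUT -p tcp --dport ssh -j ACCEPT
-A INPUT -p tcp --dport 5038 -j ACCEPT
-A INPUT -p udp --dport 5038 -j ACCEPT
-A INPUT -p udp --dport 4569 -j ACCEPT
-A INPUT -p udp --dport 1720 -j ACCEPT
-A INPUT -p udp --dport 5060:5070 -j ACCEPT
-A INPUT -p udp --dport 10000:20000 -j ACCEPT
-A INPUT -p udp --dport 4000:4999 -j ACCEPT
-A INPUT -j DROP'

# verdict PROTO PORT -> target of the first rule that matches, or POLICY if none does
verdict() {
  printf '%s\n' "$RULES" | awk -v proto="$1" -v port="$2" '
    BEGIN { svc["ssh"] = 22 }            # the only service name used in RULES
    $1 == "-A" && $2 == "INPUT" {
      p = ""; d = ""; t = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") p = $(i + 1)
        else if ($i == "--dport") d = $(i + 1)
        else if ($i == "-j") t = $(i + 1)
      }
      if (p != "" && p != proto) next    # protocol does not match
      if (d != "") {                     # single port or lo:hi range
        n = split(d, r, ":")
        lo = (r[1] in svc) ? svc[r[1]] : r[1]
        hi = (n == 2) ? r[2] : lo
        if (port + 0 < lo + 0 || port + 0 > hi + 0) next
      }
      print t; found = 1; exit           # first match wins
    }
    END { if (!found) print "POLICY" }'
}

# audit: one "proto/port VERDICT" line per entry of the port list on this page
# (ranges are represented by their first port)
audit() {
  for e in tcp/80 tcp/22 tcp/25 tcp/465 udp/694 tcp/3306 tcp/3690 udp/4569 \
           udp/5060 udp/10000 tcp/123 udp/123 tcp/1720 udp/1720 tcp/5038 \
           udp/5038 tcp/10050 udp/10050 udp/4000 tcp/443 udp/443; do
    echo "$e $(verdict "${e%/*}" "${e#*/}")"
  done
}
audit
```

In the output, tcp/1720 and tcp/10050 come back as DROP although the list gives both as TCP/UDP, while udp/10050 is ACCEPT only because it falls inside the 10000:20000 range. Ports such as tcp/80 and tcp/3306 are also dropped, so they need their own rules on whichever server provides those services.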