Difference between revisions of "Ports which should be opened"

From Kolmisoft Wiki
 
(35 intermediate revisions by 6 users not shown)
Line 1: Line 1:
For server some ports should be opened:
For server some ports should be opened '''or forwarded''' to M4/MOR server:


* TCP 80 - for GUI/HTTP
* TCP 80 - for GUI/HTTP
* TCP 22 - for SSH connection
* TCP 22 - for SSH connection
* UDP 4569 - for IAX2 connection
* TCP 25/465 - for SMTP / SMTP over SSL (TLS)
* UDP 5060, 10000-20000 - for SIP connection
* TCP 443 - for GUI/HTTPS
 
* UDP 694 - for Heartbeat.
* TCP 3306 - for MySQL replication
* TCP 3690 - for SVN connections
* UDP 4569 - for IAX2 connection (Only for MOR)
* UDP 5060 to 5070 - for SIP connection
* UDP 10000 to 20000 - for RTP/audio (Only for MOR)
* UDP 10000 to 50000 - for RTP/audio (Only for M4)
* UDP 123 - Network Time Protocol
* TCP/UDP 1720 - for H.323 Protocol (Only for MOR)
* TCP 5038 - for Asterisk manager interface (Only for MOR)
* TCP 9200,9300 - Elasticsearch service
* UDP 4000 to 4999 - for T.38 support (Only for MOR)
* TCP 10050 - Zabbix agent


You can test which TCP ports are opened using nmap tool:
You can test which TCP ports are opened using nmap tool:


  nmap -vv -P0 23.45.67.89
  nmap -vv -p0 your server's IP address


https://www.virtualizationhero.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-server-ports.html
https://www.virtualizationhero.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-server-ports.html
=== iptables config ===
For '''Asterisk''' (only) server:
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 5038 -j ACCEPT
iptables -A INPUT -p udp --dport 5038 -j ACCEPT
iptables -A INPUT -p udp --dport 4569 -j ACCEPT
iptables -A INPUT -p udp --dport 1720 -j ACCEPT
iptables -A INPUT -p udp --dport 5060:5070 -j ACCEPT
iptables -A INPUT -p udp --dport 10000:20000 -j ACCEPT
iptables -A INPUT -p udp --dport 4000:4999 -j ACCEPT
iptables -A INPUT -j DROP
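
Review bot: the nmap line now passes `-p0`, which limits the scan to port 0, where the previous revision's `-P0` skipped host discovery and scanned the default port set; as changed, the command no longer shows which TCP ports are opened, so keep `-P0` (or its current spelling `-Pn`). In the added iptables block, the rules do not match the list above them: 1720 is listed as TCP/UDP but only `-p udp --dport 1720` is accepted, and 5038 is listed as TCP only yet a UDP rule is added for it. Because the block ends in `-A INPUT -j DROP` with no rule for loopback or established connections, replies to connections the server opens itself are dropped as well; add those two ACCEPT rules ahead of the port rules.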

Latest revision as of 11:45, 24 November 2021

The following ports should be opened on the server, or forwarded to the M4/MOR server:

  • TCP 80 - for GUI/HTTP
  • TCP 22 - for SSH connection
  • TCP 25/465 - for SMTP / SMTP over SSL (TLS)
  • TCP 443 - for GUI/HTTPS
  • UDP 694 - for Heartbeat.
  • TCP 3306 - for MySQL replication
  • TCP 3690 - for SVN connections
  • UDP 4569 - for IAX2 connection (Only for MOR)
  • UDP 5060 to 5070 - for SIP connection
  • UDP 10000 to 20000 - for RTP/audio (Only for MOR)
  • UDP 10000 to 50000 - for RTP/audio (Only for M4)
  • UDP 123 - Network Time Protocol
  • TCP/UDP 1720 - for H.323 Protocol (Only for MOR)
  • TCP 5038 - for Asterisk manager interface (Only for MOR)
  • TCP 9200,9300 - Elasticsearch service
  • UDP 4000 to 4999 - for T.38 support (Only for MOR)
  • TCP 10050 - Zabbix agent

You can test which TCP ports are open using the nmap tool:

nmap -vv -Pn <your server's IP address>

https://www.virtualizationhero.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-server-ports.html


iptables config

For an Asterisk-only server:

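# Accept loopback traffic and replies to connections the server itself opened
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT          # SSH
iptables -A INPUT -p tcp --dport 5038 -j ACCEPT         # Asterisk manager interface
iptables -A INPUT -p udp --dport 5038 -j ACCEPT
iptables -A INPUT -p udp --dport 4569 -j ACCEPT         # IAX2
iptables -A INPUT -p tcp --dport 1720 -j ACCEPT         # H.323 (TCP/UDP in the list above)
iptables -A INPUT -p udp --dport 1720 -j ACCEPT
iptables -A INPUT -p udp --dport 5060:5070 -j ACCEPT    # SIP
iptables -A INPUT -p udp --dport 10000:20000 -j ACCEPT  # RTP/audio
iptables -A INPUT -p udp --dport 4000:4999 -j ACCEPT    # T.38
iptables -A INPUT -j DROP                               # drop everything else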
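
The rules and the port list above can drift apart, so this added example (not part of the Kolmisoft page) checks `iptables -S INPUT` output against the Asterisk-related entries of the list. The `REQUIRED` selection, the function name `missing_ports` and the sample ruleset, which opens 1720 on UDP only, are assumptions constructed for illustration.

```shell
#!/bin/sh
# Inbound ports the list above gives for a MOR/Asterisk server, as proto/port[:port].
# (Selection assumed for this example.)
REQUIRED="tcp/22 tcp/5038 udp/4569 tcp/1720 udp/1720 udp/5060:5070 udp/10000:20000 udp/4000:4999"

# Constructed sample in the format `iptables -S INPUT` prints; TCP 1720 is left out.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT
-A INPUT -p udp -m udp --dport 5038 -j ACCEPT
-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A INPUT -p udp -m udp --dport 1720 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060:5070 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p udp -m udp --dport 4000:4999 -j ACCEPT
-A INPUT -j DROP'

# missing_ports RULES
# Prints every REQUIRED entry that no ACCEPT rule covers. Rules after the first
# catch-all DROP/REJECT are ignored, because packets never reach them.
missing_ports() {
    effective=$(printf '%s\n' "$1" |
        awk '/^-A INPUT -j (DROP|REJECT)/ { exit } /^-A INPUT / { print }')
    for want in $REQUIRED; do
        proto=${want%%/*}; port=${want#*/}
        lo=${port%%:*}; hi=${port##*:}
        printf '%s\n' "$effective" | awk -v proto="$proto" -v lo="$lo" -v hi="$hi" '
            / -j ACCEPT/ {
                p = ""; d = ""
                for (i = 1; i < NF; i++) {
                    if ($i == "-p") p = $(i + 1)
                    if ($i == "--dport") d = $(i + 1)
                }
                if (p != proto || d == "") next
                n = split(d, r, ":")
                a = r[1] + 0; b = (n > 1 ? r[2] : r[1]) + 0
                if (a <= lo + 0 && b >= hi + 0) found = 1
            }
            END { exit !found }' || printf '%s\n' "$want"
    done
}

# On a live server: missing_ports "$(iptables -S INPUT)"
missing_ports "$SAMPLE_RULES"
```

Rules that use `-m multiport` or restrict by source address are not interpreted; a source-restricted ACCEPT counts as covering the port.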