Difference between revisions of "Ports which should be opened"
From Kolmisoft Wiki
(37 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
For server some ports should be opened: | For server some ports should be opened '''or forwarded''' to M4/MOR server: | ||
* TCP 80 - for GUI/HTTP | * TCP 80 - for GUI/HTTP | ||
* TCP 22 - for SSH connection | * TCP 22 - for SSH connection | ||
* UDP 4569 - for IAX2 connection | * TCP 25/465 - for SMTP / SMTP over SSL (TLS) | ||
* UDP 5060, | * TCP 443 - for GUI/HTTPS | ||
* UDP 694 - for Heartbeat. | |||
* TCP 3306 - for MySQL replication | |||
* TCP 3690 - for SVN connections | |||
* UDP 4569 - for IAX2 connection (Only for MOR) | |||
* UDP 5060 to 5070 - for SIP connection | |||
* UDP 10000 to 20000 - for RTP/audio (Only for MOR) | |||
* UDP 10000 to 50000 - for RTP/audio (Only for M4) | |||
* UDP 123 - Network Time Protocol | |||
* TCP/UDP 1720 - for H.323 Protocol (Only for MOR) | |||
* TCP 5038 - for Asterisk manager interface (Only for MOR) | |||
* TCP 9200,9300 - Elasticsearch service | |||
* UDP 4000 to 4999 - for T.38 support (Only for MOR) | |||
* TCP 10050 - Zabbix agent | |||
You can test which ports are opened using nmap tool: | You can test which TCP ports are opened using nmap tool: | ||
nmap -vv - | nmap -vv -p0 your server's IP address | ||
https://www.virtualizationhero.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-server-ports.html | |||
=== iptables config === | |||
For '''Asterisk''' (only) server: | |||
iptables -A INPUT -p tcp --dport ssh -j ACCEPT | |||
iptables -A INPUT -p tcp --dport 5038 -j ACCEPT | |||
iptables -A INPUT -p udp --dport 5038 -j ACCEPT | |||
iptables -A INPUT -p udp --dport 4569 -j ACCEPT | |||
iptables -A INPUT -p udp --dport 1720 -j ACCEPT | |||
iptables -A INPUT -p udp --dport 5060:5070 -j ACCEPT | |||
iptables -A INPUT -p udp --dport 10000:20000 -j ACCEPT | |||
iptables -A INPUT -p udp --dport 4000:4999 -j ACCEPT | |||
iptables -A INPUT -j DROP |
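Review bot: the new iptables block for the Asterisk-only server disagrees with the port list added in the same revision. The list gives TCP/UDP 1720 for H.323 and TCP 5038 for the Asterisk manager interface, but the rules accept only `-p udp --dport 1720` and add `-p udp --dport 5038`, which the list does not call for. Suggest adding a `-p tcp --dport 1720` rule and dropping the UDP 5038 one. The block also ends in `iptables -A INPUT -j DROP` with no earlier ACCEPT for the loopback interface or for established connections, so replies to connections the server itself initiates would be dropped. Separately, `nmap -vv -p0` scans only port 0, so it does not report on the listed ports.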
Latest revision as of 11:45, 24 November 2021
The following ports should be opened on, or forwarded to, the M4/MOR server:
- TCP 80 - for GUI/HTTP
- TCP 22 - for SSH connection
- TCP 25/465 - for SMTP / SMTP over SSL (TLS)
- TCP 443 - for GUI/HTTPS
- UDP 694 - for Heartbeat.
- TCP 3306 - for MySQL replication
- TCP 3690 - for SVN connections
- UDP 4569 - for IAX2 connection (Only for MOR)
- UDP 5060 to 5070 - for SIP connection
- UDP 10000 to 20000 - for RTP/audio (Only for MOR)
- UDP 10000 to 50000 - for RTP/audio (Only for M4)
- UDP 123 - Network Time Protocol
- TCP/UDP 1720 - for H.323 Protocol (Only for MOR)
- TCP 5038 - for Asterisk manager interface (Only for MOR)
- TCP 9200,9300 - Elasticsearch service
- UDP 4000 to 4999 - for T.38 support (Only for MOR)
- TCP 10050 - Zabbix agent
You can test which TCP ports are open using the nmap tool:
nmap -vv -p0 your server's IP address
iptables config
For an Asterisk-only server:
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 5038 -j ACCEPT
iptables -A INPUT -p udp --dport 5038 -j ACCEPT
iptables -A INPUT -p udp --dport 4569 -j ACCEPT
iptables -A INPUT -p udp --dport 1720 -j ACCEPT
iptables -A INPUT -p udp --dport 5060:5070 -j ACCEPT
iptables -A INPUT -p udp --dport 10000:20000 -j ACCEPT
iptables -A INPUT -p udp --dport 4000:4999 -j ACCEPT
iptables -A INPUT -j DROP
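An added check, not part of the wiki page: the script below compares the Asterisk-only iptables rules above with the port list and reports ports that are listed but not accepted, or accepted but not listed. The expected set (the list's SSH, H.323, AMI, IAX2, SIP, MOR RTP and T.38 entries) is an assumption, and the function names are made up for this example.

```shell
# Added example: audit iptables INPUT rules against an expected port list.
# Assumption: the ports an Asterisk-only MOR server needs, taken from the
# list above (SSH, H.323, AMI, IAX2, SIP, RTP, T.38), as proto:port[:end].
expected_ports() {
cat <<'EOF'
tcp:22
tcp:1720
udp:1720
tcp:5038
udp:4569
udp:5060:5070
udp:10000:20000
udp:4000:4999
EOF
}

# The rules from the page for an Asterisk-only server, copied unchanged.
page_rules() {
cat <<'EOF'
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 5038 -j ACCEPT
iptables -A INPUT -p udp --dport 5038 -j ACCEPT
iptables -A INPUT -p udp --dport 4569 -j ACCEPT
iptables -A INPUT -p udp --dport 1720 -j ACCEPT
iptables -A INPUT -p udp --dport 5060:5070 -j ACCEPT
iptables -A INPUT -p udp --dport 10000:20000 -j ACCEPT
iptables -A INPUT -p udp --dport 4000:4999 -j ACCEPT
iptables -A INPUT -j DROP
EOF
}

# Reduce each "-p PROTO --dport PORT -j ACCEPT" rule on stdin to PROTO:PORT.
accepted_ports() {
  awk '{ p = ""; d = ""; j = ""
         for (i = 1; i < NF; i++) {
           if ($i == "-p") p = $(i + 1)
           if ($i == "--dport") d = $(i + 1)
           if ($i == "-j") j = $(i + 1) }
         if (d == "ssh") d = "22"   # service name used by the page
         if (j == "ACCEPT" && p != "" && d != "") print p ":" d }' | sort -u
}

# Print MISSING for listed ports with no ACCEPT rule, EXTRA for the reverse.
audit_rules() {
  want=$(expected_ports); have=$(accepted_ports)
  for w in $want; do echo "$have" | grep -qxF "$w" || echo "MISSING $w"; done
  for h in $have; do echo "$want" | grep -qxF "$h" || echo "EXTRA $h"; done
}
page_rules | audit_rules
```

Feed it a saved rule listing instead of `page_rules` to audit a live server; it only understands rules in the simple `-p … --dport … -j ACCEPT` form used on this page.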