Difference between revisions of "Ports which should be opened"
From Kolmisoft Wiki
Jump to navigationJump to search
| Line 17: | Line 17: | ||
You can test which TCP ports are opened using nmap tool: | You can test which TCP ports are opened using nmap tool: | ||
nmap -vv - | nmap -vv -p0 your MOR server's IP address | ||
https://www.virtualizationhero.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-server-ports.html | https://www.virtualizationhero.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-server-ports.html | ||
Revision as of 05:57, 2 August 2017
For server some ports should be opened or forwarded to M2/MOR server:
- TCP 80 - for GUI/HTTP
- TCP 22 - for SSH connection
- TCP 25/465 - for SMTP / SMTP over SSL (TLS)
- TCP 443 - for GUI/HTTPS
- UDP 694 - for Heartbeat.
- TCP 3306 - for MySQL replication
- TCP 3690 - for SVN connections
- UDP 4569 - for IAX2 connection
- UDP 5060 to 5070, 10000-20000(10000-50000 in M2) - for SIP connection
- TCP/UDP 123 - Network Time Protocol
- TCP/UDP 1720 - for H.323 Protocol
- TCP/UDP 5038 - for Asterisk manager interface
- TCP/UDP 10050 - for Zabbix monitoring
- UDP 4000 - 4999 for T.38 support
You can test which TCP ports are opened using nmap tool:
nmap -vv -p0 your MOR server's IP address
iptables config
For Asterisk (only) server:
iptables -A INPUT -p tcp --dport ssh -j ACCEPT iptables -A INPUT -p tcp --dport 5038 -j ACCEPT iptables -A INPUT -p udp --dport 5038 -j ACCEPT iptables -A INPUT -p udp --dport 4569 -j ACCEPT iptables -A INPUT -p udp --dport 1720 -j ACCEPT iptables -A INPUT -p udp --dport 5060:5070 -j ACCEPT iptables -A INPUT -p udp --dport 10000:20000 -j ACCEPT iptables -A INPUT -p udp --dport 4000:4999 -j ACCEPT iptables -A INPUT -j DROP
