指尖的java, blog

Ports that FreeSWITCH needs open

freeswitch 神圣

| Firewall Ports | Network Protocol | Application Protocol | Description |
|---|---|---|---|
| 1719 | UDP | H.323 Gatekeeper RAS port | |
| 1720 | TCP | H.323 Call Signaling | |
| 3478 | UDP | STUN service | Used for NAT traversal |
| 3479 | UDP | STUN service | Used for NAT traversal |
| 5002 | TCP | MLP protocol server | |
| 5003 | UDP | Neighborhood service | |
| 5060 | UDP & TCP | SIP UAS | Used for SIP signaling (Standard SIP Port, for default Internal Profile) |
| 5070 | UDP & TCP | SIP UAS | Used for SIP signaling (For default "NAT" Profile) |
| 5080 | UDP & TCP | SIP UAS | Used for SIP signaling (For default "External" Profile) |
| 8021 | TCP | ESL | Used for mod_event_socket * |
| 16384-32768 | UDP | RTP/RTCP multimedia streaming | Used for audio/video data in SIP and other protocols |
| 5066 | TCP | Websocket | Used for WebRTC |
| 7443 | TCP | Websocket | Used for WebRTC |

 

 

 
```
*mangle
# mark SIP UDP packets with CS3
-A OUTPUT -p udp -m udp --sport 5060 -j DSCP --set-dscp-class cs3
# mark SIP TCP packets with CS3
-A OUTPUT -p tcp --sport 5060 -j DSCP --set-dscp-class cs3
# mark SIP TLS packets with CS3
-A OUTPUT -p tcp --sport 5061 -j DSCP --set-dscp-class cs3
# mark RTP packets with EF
-A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp-class ef
COMMIT
*filter
# Allows all loopback (lo0) traffic
-A INPUT -i lo -j ACCEPT
# Drop all traffic to 127/8 that doesn't use lo0
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic
-A OUTPUT -j ACCEPT
# Allow web connections
-A INPUT -p tcp -m state --state NEW --dport 8888 -j ACCEPT
# Allow STUN service (Used for NAT traversal)
-A INPUT -p udp --dport 3478 -j ACCEPT
-A INPUT -p udp --dport 3479 -j ACCEPT
# Allow MLP protocol server
-A INPUT -p tcp --dport 5002 -j ACCEPT
# Allow Neighborhood service
-A INPUT -p udp --dport 5003 -j ACCEPT
# Allow SIP UDP
-A INPUT -p udp --dport 5060 -j ACCEPT
# Allow SIP TCP
-A INPUT -p tcp --dport 5060 -j ACCEPT
# Allow SIP TLS
-A INPUT -p tcp --dport 5061 -j ACCEPT
# Allow RTP
-A INPUT -p udp --dport 16384:32768 -j ACCEPT
# Allow XML_RPC from another server (replace 127.0.0.1 with the IP that will access FS ESL)
-A INPUT -p tcp --dport 8080 -s 127.0.0.1 -j ACCEPT
# Allow SSH
-A INPUT -p tcp --dport 22 -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls (access via 'dmesg' command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
```
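
An added example (not part of the original post): a short Python check that compares the port table above with the FreeSWITCH-related `--dport` ACCEPT rules of the ruleset above, and reports which listed ports the ruleset leaves closed and which it opens to any source address. `TABLE`, `RULESET`, `accepted` and `audit` are names chosen for this example; negated matches (`! -s`) and `-m multiport` are not handled.

```python
import shlex

# proto/port entries copied from the port table on this page
TABLE = ("udp/1719 tcp/1720 udp/3478 udp/3479 tcp/5002 udp/5003 udp/5060 tcp/5060 "
         "udp/5070 tcp/5070 udp/5080 tcp/5080 tcp/8021 udp/16384-32768 tcp/5066 tcp/7443")
# FreeSWITCH-related --dport ACCEPT rules from this page's *filter table
RULESET = """*filter
-A INPUT -p udp --dport 3478 -j ACCEPT
-A INPUT -p udp --dport 3479 -j ACCEPT
-A INPUT -p tcp --dport 5002 -j ACCEPT
-A INPUT -p udp --dport 5003 -j ACCEPT
-A INPUT -p udp --dport 5060 -j ACCEPT
-A INPUT -p tcp --dport 5060 -j ACCEPT
-A INPUT -p tcp --dport 5061 -j ACCEPT
-A INPUT -p udp --dport 16384:32768 -j ACCEPT
-A INPUT -p tcp --dport 8080 -s 127.0.0.1 -j ACCEPT
COMMIT
"""

def accepted(ruleset):
    """Return (proto, first, last, source) for every INPUT ACCEPT rule that has --dport."""
    rules, table = [], None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            table = line[1:]              # iptables-restore table header, e.g. *filter
        tok = shlex.split(line, comments=True)
        if table != "filter" or tok[:2] != ["-A", "INPUT"]:
            continue
        if "--dport" not in tok or tok[tok.index("-j") + 1] != "ACCEPT":
            continue
        lo, _, hi = tok[tok.index("--dport") + 1].partition(":")
        src = tok[tok.index("-s") + 1] if "-s" in tok else "any"
        rules.append((tok[tok.index("-p") + 1], int(lo), int(hi or lo), src))
    return rules

def audit(ruleset):
    """Split TABLE into entries no rule accepts and entries accepted from any source."""
    rules, closed, open_any = accepted(ruleset), [], []
    for spec in TABLE.split():
        proto, _, rng = spec.partition("/")
        lo, _, hi = rng.partition("-")
        hits = [r for r in rules if r[0] == proto and r[1] <= int(lo) and int(hi or lo) <= r[2]]
        if not hits:
            closed.append(spec)
        elif any(r[3] == "any" for r in hits):
            open_any.append(spec)
    return closed, open_any

if __name__ == "__main__":
    print(audit(RULESET))
```

Run against this page's rules, the check shows that the H.323, "NAT" and "External" profile, ESL and WebSocket ports from the table are not opened by the ruleset, while SIP on 5060 and the whole RTP range are accepted from any source.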

Please credit the source when reposting: 指尖博客 » Ports that FreeSWITCH needs open
