[Asterisk-Users] Re: Open Ports
Tom Ivar Helbekkmo
tih at eunetnorge.no
Sat Dec 18 06:21:33 MST 2004
Norman Zhang <norman.zhang at rd.arkonnetworks.com> writes:
> May I ask what ports are necessary for SIP communication through a
> firewall? I read somewhere that UDP/5060 alone is enough. Some
> recommends more ports to be opened for RTP.
For outgoing call establishment, you must pass traffic out from your
device to UDP port 5060 on the target address, or, if you need to be
able to call any system, UDP port 5060 on any address. For incoming
call establishment, you likewise need to allow your communication
partners (or the world at large) to reach your UDP port 5060.
Then, there's RTP. The RTP communication will be set up between a UDP
port on each system, the numbers of which are determined at run time.
Since both ends will start transmitting RTP packets, and each sends
*to* the port that the other sends *from*, all that's needed is that
your firewall allows outgoing UDP traffic from your SIP device to your
communication partners (or the world), and "keeps state", as it is
known in the parlance, so that packets coming back in from the address
and port you're sending to will be allowed through.
My home firewall allows my Asterisk PBX to send any UDP traffic to
anyone, and keeps state, so they can answer. It also specifically
allows anyone to connect to UDP port 5060 on the PBX.
-tih
--
Tom Ivar Helbekkmo, Senior System Administrator, EUnet Norway Hosting
www.eunet.no T +47-22092958 M +47-93013940 F +47-22092901 FWD 484145
More information about the asterisk-users
mailing list