Re: [asterisk-users] RTP port ranges
Hello Thorsten, Tuesday, September 17, 2013, 1:05:15 AM, you wrote: Where is it stated that you MUST use 1-2 ??? Someone else please ? Well, I don't use that range. This is that part of my rtp.conf rtpstart=16000 rtpend=16100 I knew I didn't need the default 25000 ports, in fact 100 is probably more than 10 times what I'll ever need. Been working for for 5 years with those numbers. I decided when I first did this that if I used non standard ports I might be less susceptible to hacking. Probably not accurate, but I did it anyway. -- Ira-- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] RTP port ranges
I only use 100 ports as well but we have a very low call volume. I thought that I saw that you need to allocate 2 ports for every simultaneous call that you need to support. The ports are free (no charge) and are UDP not TCP so you do not lose any TCP ports. I am not sure what a hacker could do if they attacked these ports. Ron On 18/09/2013 2:29 PM, Ira wrote: Re: [asterisk-users] RTP port ranges Hello Thorsten, Tuesday, September 17, 2013, 1:05:15 AM, you wrote: Where is it stated that you MUST use 1-2 ??? Someone else please ? Well, I don't use that range. This is that part of my rtp.conf rtpstart=16000 rtpend=16100 I knew I didn't need the default 25000 ports, in fact 100 is probably more than 10 times what I'll ever need. Been working for for 5 years with those numbers. I decided when I first did this that if I used non standard ports I might be less susceptible to hacking. Probably not accurate, but I did it anyway. -- Ira -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Ron Wheeler President Artifact Software Inc email: rwhee...@artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] RTP port ranges
Maybe this could help you: http://www.voip-info.org/wiki/view/Asterisk+config+rtp.conf Am 13.09.2013 11:49, schrieb Jonas Kellens: Hello, and when I define 11500 - 11954 it should use a random port in this range. Where is it stated that you MUST use 1-2 ??? Someone else please ? Jonas. On 09/13/2013 11:46 AM, Andrew Colin wrote: Because normally it will use a random port between them On 9/13/2013 11:43 AM, Jonas Kellens wrote: On 09/13/2013 11:41 AM, Andrew Colin wrote: Normally you should open ports 1-2 udp On 9/13/2013 11:37 AM, Jonas Kellens wrote: I now see that an IP-address gets blocked by my firewall because there are packets coming onto port 11955. Why do I need such a big range ? That's like for 250 concurrent calls ! Jonas. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] RTP port ranges
Hello, I have defined that I want to receive audio (RTP) on port 11500 till 11954 (rtp.conf). The same range I have defined in my firewall. I now see that an IP-address gets blocked by my firewall because there are packets coming onto port 11955. How come the client sends audio on port 11955 when I clearly define in my SDP-body that I want to receive audio on port range 11500 till 11954 ? What makes the client choose this port number when it is not allowed ? Kind regards, Jonas. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] RTP port ranges
Normally you should open ports 1-2 udp On 9/13/2013 11:37 AM, Jonas Kellens wrote: I now see that an IP-address gets blocked by my firewall because there are packets coming onto port 11955. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] RTP port ranges
On 09/13/2013 11:41 AM, Andrew Colin wrote: Normally you should open ports 1-2 udp On 9/13/2013 11:37 AM, Jonas Kellens wrote: I now see that an IP-address gets blocked by my firewall because there are packets coming onto port 11955. Why do I need such a big range ? That's like for 250 concurrent calls ! Jonas. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] RTP port ranges
Because normally it will use a random port between them On 9/13/2013 11:43 AM, Jonas Kellens wrote: On 09/13/2013 11:41 AM, Andrew Colin wrote: Normally you should open ports 1-2 udp On 9/13/2013 11:37 AM, Jonas Kellens wrote: I now see that an IP-address gets blocked by my firewall because there are packets coming onto port 11955. Why do I need such a big range ? That's like for 250 concurrent calls ! Jonas. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] RTP port ranges
Hello, and when I define 11500 - 11954 it should use a random port in this range. Where is it stated that you MUST use 1-2 ??? Someone else please ? Jonas. On 09/13/2013 11:46 AM, Andrew Colin wrote: Because normally it will use a random port between them On 9/13/2013 11:43 AM, Jonas Kellens wrote: On 09/13/2013 11:41 AM, Andrew Colin wrote: Normally you should open ports 1-2 udp On 9/13/2013 11:37 AM, Jonas Kellens wrote: I now see that an IP-address gets blocked by my firewall because there are packets coming onto port 11955. Why do I need such a big range ? That's like for 250 concurrent calls ! Jonas. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] RTP port ranges
Maybe you should open 11955 on you fw as well. This could be the rtcp port. Regards Hans On 2013-09-13 11:49, Jonas Kellens wrote: Hello, and when I define 11500 - 11954 it should use a random port in this range. Where is it stated that you MUST use 1-2 ??? Someone else please ? Jonas. On 09/13/2013 11:46 AM, Andrew Colin wrote: Because normally it will use a random port between them On 9/13/2013 11:43 AM, Jonas Kellens wrote: On 09/13/2013 11:41 AM, Andrew Colin wrote: Normally you should open ports 1-2 udp On 9/13/2013 11:37 AM, Jonas Kellens wrote: I now see that an IP-address gets blocked by my firewall because there are packets coming onto port 11955. Why do I need such a big range ? That's like for 250 concurrent calls ! Jonas. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] RTP port ranges
Could be... is there no way to be sure ? Is there no way to calculate this ? Thanks, Jonas. On 09/13/2013 12:11 PM, Johann Steinwendtner wrote: Maybe you should open 11955 on you fw as well. This could be the rtcp port. Regards Hans On 2013-09-13 11:49, Jonas Kellens wrote: Hello, and when I define 11500 - 11954 it should use a random port in this range. Where is it stated that you MUST use 1-2 ??? Someone else please ? Jonas. On 09/13/2013 11:46 AM, Andrew Colin wrote: Because normally it will use a random port between them On 9/13/2013 11:43 AM, Jonas Kellens wrote: On 09/13/2013 11:41 AM, Andrew Colin wrote: Normally you should open ports 1-2 udp On 9/13/2013 11:37 AM, Jonas Kellens wrote: I now see that an IP-address gets blocked by my firewall because there are packets coming onto port 11955. Why do I need such a big range ? That's like for 250 concurrent calls ! Jonas. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] RTP port ranges
In article 5232dcbc.20...@telenet.be, Jonas Kellens jonas.kell...@telenet.be wrote: I have defined that I want to receive audio (RTP) on port 11500 till 11954 (rtp.conf). The same range I have defined in my firewall. I now see that an IP-address gets blocked by my firewall because there are packets coming onto port 11955. How come the client sends audio on port 11955 when I clearly define in my SDP-body that I want to receive audio on port range 11500 till 11954 ? What makes the client choose this port number when it is not allowed ? An RTP connection typically uses a pair of adjacent ports. The even port for the RTP stream, and the next port up (odd) for RTCP reports. So when defining a port range, you should probably make the lower port number even and the upper port number odd. (so the default 1-2 is probably wrong too, and should be 1-1) It also means that you should allow at least twice as many ports as the number of simultaneous calls you want to handle. Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] RTP port ranges
On Friday 13 September 2013, Jonas Kellens wrote: On 09/13/2013 11:41 AM, Andrew Colin wrote: Normally you should open ports 1-2 udp On 9/13/2013 11:37 AM, Jonas Kellens wrote: I now see that an IP-address gets blocked by my firewall because there are packets coming onto port 11955. Why do I need such a big range ? That's like for 250 concurrent calls ! Having a port open really is not a big deal, unless there's a daemon listening on it. In the Windows world, where you usually don't get the Source Code, you never know what is running on your computer; in which case, you are never sure that there isn't a daemon listening on a particular port number, so it is wise in that case not to leave ports open unnecessarily. (Though not half as wise as just not running un-audited software in the first place .) But this is the Open Source world, and we have the advantage of knowing exactly what is running our computers. Open ports going nowhere simply are not a security concern this side of the fence. -- AJS Answers come *after* questions. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] RTP port ranges
On 13 Sep 2013, at 11:44, A J Stiles wrote: In the Windows world, where you usually don't get the Source Code, you never know what is running on your computer; in which case, you are never sure that there isn't a daemon listening on a particular port number, so it is wise in that case not to leave ports open unnecessarily. (Though not half as wise as just not running un-audited software in the first place .) Netstat will tell you what's running on Windows, just like on other platforms. Steve -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users