AFAIK coturn listens on port 3478, then the necessary port is allocated during negotiation (only if needed).

On Fri, 10 Jul 2020 at 19:08, kaffeesurrogat <[email protected]> wrote:

> Dear List,
>
> I gathered more information:
>
> 1) I talked to my provider. They promised that there is no other
> firewall between my VPS and the Internet.
>
> 2) Did some more port testing.
>
> On my server I issued (netcat):
>
> ls | nc -l -u -p 49152
>
> that means pipe ls output to nc listening in udp mode on 49152
>
> On my client side:
>
> sudo nmap -sU -p 49152 myserver
>
> The answer was:
>
> PORT      STATE SERVICE
> 49152/udp open  unknown
>
> Without the pipe through netcat nmap shows me a closed port for 49152
> ... (coturn) even though coturn is up and running ....
>
> Did I misconfigure my coturn or is coturn opening up the port only if
> needed?
>
> Greeting,
>
> kaffeesurrogat
>
> On 10/07/2020 07:28, kaffeesurrogat wrote:
> > Dear List,
> >
> > I followed the thread "RE: InvalidStateError: Failed to set remote
> > answer sdp: Called in wrong state: kStable".
> > Alain DEVILLE talked about this problem he had with opening up ports
> > 49152:65535/udp for incoming and outgoing traffic.
> >
> > On Ubuntu 18.04 LTS I installed ufw to set up a firewall.
> >
> > ufw status verbose gives:
> >
> > 22                         ALLOW IN    Anywhere
> > 3478/tcp                   ALLOW IN    Anywhere
> > 3478/udp                   ALLOW IN    Anywhere
> > 5443/tcp                   ALLOW IN    Anywhere
> > 8888/tcp                   ALLOW IN    Anywhere
> > 49152:65535/udp            ALLOW IN    Anywhere
> > 22 (v6)                    ALLOW IN    Anywhere (v6)
> > 3478/tcp (v6)              ALLOW IN    Anywhere (v6)
> > 3478/udp (v6)              ALLOW IN    Anywhere (v6)
> > 5443/tcp (v6)              ALLOW IN    Anywhere (v6)
> > 8888/tcp (v6)              ALLOW IN    Anywhere (v6)
> > 49152:65535/udp (v6)       ALLOW IN    Anywhere (v6)
> >
> > 49152:65535/udp            ALLOW OUT   Anywhere
> > 49152:65535/udp (v6)       ALLOW OUT   Anywhere (v6)
> >
> > So I believe they are open.
> >
> > Using telnet myserver 49152 gives a "trying myserver" until there is a
> > timeout.
> >
> > Disabling ufw and telnetting again says:
> >
> > Trying myserver...
> > telnet: connect to address myserver: Connection refused
> >
> > Thus the firewall rules make a difference.
> >
> > Using sudo nmap -sU -p 49152 myserver
> >
> > PORT      STATE  SERVICE
> > 49152/udp closed unknown
> >
> > even if I enabled ufw firewall
> >
> > This contradicts the telnet result, doesn't it?
> >
> > The "kStable ....." error still shows up from time to time ....
> >
> > My questions:
> >
> > 1) How can I test for open ports 49152:65535 and be sure about the result?
> > 2) My Provider is Strato. Do I have to contact the provider to open up
> > the ports for incoming and outgoing udp packages?
> > 3) Are my firewall rules correct?
> > I did not manage to find instructions on installing the pure iptables
> > alternative on Ubuntu 18.04. I've tried to implement the stuff from the
> > ALVARO-manual about SSL. This time using ufw.
> >
> > Many thanks ....
> >
> > kaffeesurrogat ....

--
Best regards,
Maxim
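
Added example (not part of the original thread, and not coturn or nmap code): a loopback sketch of how a UDP probe such as `nmap -sU` arrives at the states reported above. A reply means open, an ICMP port-unreachable means closed because no socket is bound to the port, and silence means open|filtered; the function names and the one-shot listener are constructed for this illustration.

```python
import socket
import threading


def probe_udp(host, port, timeout=1.0, payload=b"probe"):
    """Classify a UDP port using the same three outcomes a UDP scan reports."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # A connected UDP socket lets the kernel hand ICMP errors back to us.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(2048)
            return "open"            # something bound to the port answered
        except ConnectionRefusedError:
            return "closed"          # ICMP port unreachable: nothing is bound
        except socket.timeout:
            return "open|filtered"   # dropped by a firewall, or a silent service


def start_listener(host="127.0.0.1"):
    """One-shot UDP responder on an ephemeral port (stands in for `nc -l -u`)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))
    srv.settimeout(3.0)

    def serve():
        try:
            _, peer = srv.recvfrom(2048)
            srv.sendto(b"constructed reply\n", peer)
        except OSError:
            pass                     # timed out or socket closed

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return srv, srv.getsockname()[1], thread


def demo():
    """Probe the same port with and without a process bound to it."""
    srv, port, thread = start_listener()
    with_listener = probe_udp("127.0.0.1", port)
    thread.join()
    srv.close()
    without_listener = probe_udp("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    print(demo())
```

The "closed" result needs the ICMP error to get back to the prober, so a firewall that silently drops the probe yields "open|filtered" instead.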
