Security questions regarding ports

cityguru
Posts: 233
Member Since:
2006-06-02

I am going with a managed firewall service for my server. I have employees who work from anywhere in the world, so I cannot make the trixbox secured by IP.

I know to open 5060 through 5068 for registration
I know to open 4569 for IAX for our remote offices

My question is 10000 through 20000. This is a very large range and I wanted to know if I definitely need to leave this open as well. From my understanding this is what allows the audio to come through; closing this down would mean the phones would register but there would be no audio. Or do I have this wrong?

Any advice would be great

Thanks



jas_williams
Posts: 205
Member Since:
2007-05-13
Get your remote staff to connect via VPN; do not have the trixbox open to the Internet in this way.



voipinnovations
Posts: 6
Member Since:
2010-04-09
UDP ports 10,000-20,000 are not considered a big network hole and you are correct, those ports are for the audio. As long as you have your firewall set correctly, you can use whatever UDP ports you want. If you think that is too large of a range, you can reduce it by setting your firewall accordingly.

Regards,

Randy Stegner
www.voipinnovations.com
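
Reducing the range as suggested above only works if the PBX is set to the same narrower range as the firewall; otherwise calls land on ports the firewall drops and there is no audio. The following is an added example, not part of the thread: it assumes the trixbox's Asterisk takes its RTP range from `rtpstart`/`rtpend` in `rtp.conf`, that the firewall is iptables, and that each call leg needs two UDP ports (RTP plus RTCP); the function names and sizing are constructed.

```shell
#!/bin/sh
# Added example (constructed): size a narrower RTP range and print matching
# PBX and firewall settings so both sides agree on the same ports.

# rtp_end START LEGS -> last UDP port needed.
# Assumption: each call leg takes one RTP port plus the adjacent RTCP port.
rtp_end() {
    echo $(( $1 + $2 * 2 - 1 ))
}

# rtp_plan START LEGS -> prints an rtp.conf fragment and an iptables rule.
rtp_plan() {
    start=$1
    legs=$2
    # Reject anything that is not a plain non-negative integer.
    for v in "$start" "$legs"; do
        case "$v" in
            ''|*[!0-9]*) echo "START and LEGS must be integers" >&2; return 1 ;;
        esac
    done
    [ "$legs" -gt 0 ] || { echo "LEGS must be at least 1" >&2; return 1; }
    # RTP conventionally sits on an even port with RTCP on the next odd one.
    [ $(( start % 2 )) -eq 0 ] || { echo "START must be even" >&2; return 1; }
    end=$(rtp_end "$start" "$legs")
    [ "$end" -le 65535 ] || { echo "range exceeds port 65535" >&2; return 1; }
    cat <<EOF
; /etc/asterisk/rtp.conf (assumed location on an Asterisk-based PBX)
[general]
rtpstart=${start}
rtpend=${end}

# firewall: allow only the same range for audio
iptables -A INPUT -p udp --dport ${start}:${end} -j ACCEPT
EOF
}

# Constructed sizing: 100 simultaneous call legs starting at port 10000.
rtp_plan 10000 100
```

A call bridged through the PBX between two remote phones counts as two legs, so size `LEGS` from peak concurrent calls with that in mind.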



obeliks
Posts: 877
Member Since:
2010-03-14
"UDP ports 10,000-20,000 are not considered a big network hole"

10,000 port range is not big enough to be called "a big network hole"? What number would qualify for this term then? 50,000?

Did you read: http://fonality.com/trixbox/forums/trixbox-forums/open-discussion...



voipinnovations
Posts: 6
Member Since:
2010-04-09
If you were simply opening ports to the outside world, yes this would be a problem; however, this isn't what's being done when opening UDP ports 10,000-20,000. Even Fonality's help page states this: http://help.fonality.com/Unbound/Network_Configuration#Is_there_a...

Respectfully,

Randy Stegner
www.voipinnovations.com



obeliks
Posts: 877
Member Since:
2010-03-14
So when you open ports they

This link is totally unrelated to the OP question.



SkykingOH
Posts: 9541
Member Since:
2007-12-17
Wow, that's an amazing statement. I guess since they control Pro so tightly they can claim that no applications are listening on these ports. Even so, it is a poor choice of words meant to put people at ease.

--

Scott

aka "Skyking"



obeliks
Posts: 877
Member Since:
2010-03-14
To their credit they sound like they think opening 10,000 ports is a bad idea.


