Why so many ports?

Hello, I was wondering about the ports. I know there is 5060 and 10000 through 20000. From what I understand, they have to be UDP. But what I’m wondering is why over 10 thousand ports, from 10000 through 20000, have to be open. Is it possible to make those numbers smaller? Well, for one reason, being safe and whatnot. But what does port 5060 do, and what do ports 10 thousand through 20 thousand do?

Dear Joseph, these questions are very general and actually not related to FreePBX.
But I’ll give you some hints, and you may do some googling:

Each call has 2 sections: signalling and media. Signalling is for call setup, and media is responsible for voice, video, etc.
Signalling and media have their own protocols. SIP is a signalling protocol and RTP is a media protocol.
Each protocol has some default parameters; 5060 is the default port for the SIP signalling protocol.
RTP doesn’t have a specific port, because for each call some ports are assigned to the call parties and they are out of use until the end of the call. So this is not the same as for signalling.

Hello Psdk, I think you are wrong on this not being part of FreePBX. Without them the phones will not work. Okay, yes, FreePBX is made up of a lot of different modules like Asterisk, a web server and whatnot. But without these ports they don’t work for the audio. Okay, yes, you can do VPN and other ways, but ports are still needed to connect the phone to the server. And yes, I did google stuff, so no hint needed. My question is more about understanding what the ports really do. I didn’t ask what ports are needed to make this work. That part I’ve got.

OK dear, so now do you have your answer?
I said that these are general concepts and not related to Asterisk/FreePBX specifically. Sorry if I upset you.

I’m sorry too. I’m sorry my little mind can’t comprehend what all these do. And trying to learn all this is too much for me, I guess.

[quote=“josephchrz, post:3, topic:35579, full:true”]
I think you are wrong on the not being part of Freepbx. Without them the phones will not work. Okay yes freepbx is made up from a lot of different modules like Asterisk, Web server and whatnot. But without these ports they don’t work for the audio. Okay yes you can do VPN and other ways but still Ports are needed to connect the phone to the server. And yes i did google stuff. so no hint needed.[/quote]

Joseph, the FreePBX “program” is more than a simple application. It’s more of a “manager” for a whole bunch of pieces that are brought together into a distribution that allows you to use the Asterisk program. To be clear, FreePBX is, first and foremost, an advanced management system that integrates several other packages (as you pointed out) to make Asterisk easier to manage and use.

VPN or not, without Asterisk, FreePBX cannot connect to phones or route phone calls, so your assertion that “FreePBX opens these ports” is not correct. It is an Asterisk issue.

Now, having made that distinction, it’s also important to know that the port settings in Asterisk are completely under your control as the person that is running Asterisk. The “5060” (and by the way, “5061”) port is opened by Asterisk to allow calls to come into the PBX. You can change this (and as a general rule, you should) to any port you care to use.

On the media side, when a call comes in over port 5060 (or whatever you change it to), two ports are opened for the media connections. The ports are opened within a specific range (which is also controlled by Asterisk). One of the advanced “best practices” many of us use is to limit the number of ports down to a more reasonable number. For example, if I have 10 phones and am not running a conference server, I’ll open up 10 ports per phone, so I’ll open up 11000 to 11099 (100 ports, 10 per phone). Each new connection gets 2 new ports, so as you add more and more connections (three-way calls, etc.), you use more ports. Since they’re shared and in a pool, you don’t need to worry too much about which ports go where as long as you have enough.

The media ports are only open when a call is active and the system wants to use that port. This limits the damage bad actors can perpetrate on your system. The trick here is that having a limited pool open means that bad actors (once they know) can scan for those 100 ports easier than they can the 10001 ports from 10000 to 20000.

You can set all of these in the SIP settings using FreePBX, or if you aren’t using FreePBX, you can manage the settings yourself in the config files.

Just so we’re clear - @psdk did answer almost all of your questions. The only one he didn’t answer was “what can I do about it” and every Asterisk book I’ve ever seen covers these questions in detail. Getting mad at us because the answer wasn’t clear to you is not productive.


Hello Gynjut, thank you for that. I wasn’t trying to be a jerk and I’m sorry for that. But his/her comment was rude to me and I felt offended by it. All I was asking was: what do the ports actually do? I know they have to do with audio and other things, but I actually wanted to know what it is that they really do. How do they work? And when Psdk’s comment came in, I felt I had to react to it in the way I know how. But when someone goes and says “Here is a hint, try googling it,” that was kinda rude. Maybe if it was put another way I wouldn’t have felt like it was wrong to me. And again, my fault for that as well. I’m sorry. But also, yes, there is a lot going on in FreePBX. I understand that. But as a whole, when Psdk said the ports have nothing to do with FreePBX, I felt that was wrong as well, because it’s a part of it.

So again, if I offended Psdk or anyone else by the way I reacted to that person’s comment, my apologies.

I’m still learning all this. Please bear with me.

But… you’re wrong, and psdk is correct. And you should google it. UDP ports 10000-20000 are used for RTP and port 5060 is used for signalling. If you want to learn how it works, you can read the RFCs, or even do something like google ‘How does SIP work’ which would take you to this:

Okay, so let me get this straight so I don’t get confused here. I’m wrong about the ports; it doesn’t matter if it is 5060 or 10000-20000, Psdk is correct, those ports have nothing to do with FreePBX? So my question is: what are they there for?

Did you do as xrobau suggested and read

The 10000-20000 are the default ports used for the RDP traffic that the SDP sends to the endpoint; this is editable if you don’t need 5000 concurrent calls.


It’s not for concurrent calls, the large range is for security, to make it harder for an attacker to guess the port range, to inject incorrect/fraudulent traffic. Don’t reduce the port range.

It can help with that but

strictrtp=yes

which is the default, is possibly a better solution in rtp.conf

http://doxygen.asterisk.org/trunk/Config_rtp.html
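Added example, not part of any post in this thread: a Python check over the settings discussed above (the RTP port range and strictrtp in rtp.conf) that reports the pool size, how many two-port connections it supports, and any mismatch with the UDP range the firewall allows. The function name, the sample file contents and the firewall range are assumptions made for illustration; rtpstart and rtpend are the rtp.conf keys that set the range.

```python
import configparser

# Constructed rtp.conf samples; the ranges are the ones quoted in the thread.
DEFAULT_CONF = "[general]\nrtpstart=10000\nrtpend=20000\nstrictrtp=yes\n"
REDUCED_CONF = ("[general]\nrtpstart=11000\nrtpend=11099\n"
                "strictrtp=no ; constructed weak setting\n")

FALSE_VALUES = {"no", "false", "off", "0", "n", "f"}


def audit_rtp_conf(text, firewall_range):
    """Compare rtp.conf [general] with the UDP range allowed by the firewall.

    firewall_range is an inclusive (low, high) tuple (hypothetical input).
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   comment_prefixes=(";",),
                                   inline_comment_prefixes=(";",))
    cp.read_string(text)
    general = cp["general"]
    start, end = int(general["rtpstart"]), int(general["rtpend"])
    if start > end:
        raise ValueError("rtpstart is above rtpend")
    # The thread states that strictrtp=yes is the default, so unset counts as on.
    value = general.get("strictrtp", fallback="yes")
    strict = value.strip().lower() not in FALSE_VALUES

    pool = end - start + 1
    fw_lo, fw_hi = firewall_range
    overlap = max(0, min(end, fw_hi) - max(start, fw_lo) + 1)
    exposed = (fw_hi - fw_lo + 1) - overlap  # allowed in, never used for RTP
    blocked = pool - overlap                 # used for RTP, dropped at firewall

    warnings = []
    if not strict:
        warnings.append("strictrtp is off: media from unexpected sources "
                        "is not dropped")
    if exposed:
        warnings.append(f"firewall allows {exposed} UDP ports outside the RTP pool")
    if blocked:
        warnings.append(f"{blocked} RTP ports are blocked by the firewall")
    # Two ports per connection, as described in the thread.
    return {"ports": pool, "connections": pool // 2,
            "strictrtp": strict, "warnings": warnings}


if __name__ == "__main__":
    for conf in (DEFAULT_CONF, REDUCED_CONF):
        print(audit_rtp_conf(conf, (10000, 20000)))
```
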

Um, you’re missing the point. UDP source addresses can be trivially spoofed. The BETTER way to do it is to use SRTP or ZRTP, so your traffic can’t be fiddled with.

That still doesn’t negate the need to have a wide, random, and hard to guess range of ports for your RTP traffic. And this is getting wildly off topic. Don’t confuse this guy even more than he is; he doesn’t understand the difference between RTP and SIP, so let’s avoid your corner cases for the moment.

I agree, it’s getting off-point.

I just asked a simple question: what do these ports really do? I know they are part of FreePBX, or of Asterisk that is part of FreePBX, so I asked. And in return I got a comment that said “Here is a hint, try googling it.” Okay, so yes, I reacted with a smart comment back, as I felt that was rude. And then I got the reply that these ports have nothing to do with FreePBX. Okay, so if they have nothing to do with FreePBX, then what are we using them for? Okay, yes, maybe I’m a little confused on the subject, but I think they are a part of FreePBX, in my opinion. But I got another comment back that said I was wrong and he was right. Then my question again is: why, oh why, are we using them if they are not a part of FreePBX? That is all I have to say.

I never asked about UDP or SIP and whatnot. I just asked a question: what do these ports do? That is all. That was my question.

We have told you. Read the links.