Thanks, Nick. That's more-or-less how I understood it to work - but I'm still curious about how the port selection process works, and which ports you would want to have open. Because even if you're just trying ports, presumably it's not just (say) starting at UDP port 1024 and walking one-by-one up to 65535, trying them all in turn. It's got to have a more intelligent process than that. Right?
It would be helpful to have someone from the Chromium project comment on this authoritatively.
The context of my question, for what it's worth, is that we'll be needing to tell companies implementing our product what specific outbound ports they need to have open for our stuff to work. Ideally, we could tell them something like "port 80/TCP for signaling, 3478/UDP/TCP for STUN, and port x/UDP for streaming." Or something like that. Telling them, "You need to open up outbound ports 1024-65535" is just gonna get us laughed at, I'm afraid.
Signaling can happen over a variety of methods; a common one is WebSockets, which means it will go over port 80.
I am certainly not an expert on how ports are picked, but my understanding is that the media will be transported over any available port that can be obtained. Using TURN servers and other NAT traversal techniques, it will be attempting to pick ports that are available to the outside world. With DNATs, both parties start sending media at each other until both have opened a pinhole for each other.
So does this mean that it could expect to set up communication over any port? And hence that all outbound UDP ports need to be open? (That would seem like very - err, very - bad news. I think it would be a deal-killer for most corporate networks. Surely it hasn't been designed this way.)
If you look at the source code, it does not specify the port range; look at
udpport.cc: min_port()/max_port() all return 0, so the OS will choose
the local port.
On Tue, Jan 22, 2013 at 2:22 PM, Ken Smith <smit...@gmail.com> wrote:
> Is there a succinct summary anywhere of what ports need to be open for
> WebRTC to function? I've looked around and can't find one. (For instance, in
> the current spec, the word "ports" doesn't even occur.)
> I know, for instance, that RTMFP requires that all outbound UDP ports > 1023
> be open, which is a non-starter on most corporate firewalls. I'm assuming
> that WebRTC is significantly more intelligent in that regard, but I'd still
> like to know what the bare minimum is.
> What I know so far:
> - The port for the signaling server (could be anything)
> - The port for the STUN and/or TURN server (e.g., 19302, but could be
> - The port over which the actual communication happens (<-- This is mostly
> what I don't know)
> Is the last one selected dynamically? What are the options? Could it be
> absolutely anything? If you were going to configure a firewall to be as
> absolutely secure as possible and still have WebRTC work out-of-the-box,
> what ports would you open up?
> Ken Smith
> Cell: 425-443-2359
> Email: smit...@gmail.com
> Blog: http://blog.wouldbetheologian.com/
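
The behaviour described in the reply above (no port range configured, so the OS picks the local UDP port), as an added Python example that is not part of the thread or of the WebRTC source. `bind_udp`, `local_port` and the range mode are hypothetical names used for illustration only; the range mode shows what a restricted allocator would do by contrast.

```python
import errno
import socket


def bind_udp(host="127.0.0.1", min_port=0, max_port=0):
    """Bind a UDP socket (hypothetical helper, not WebRTC code).

    min_port == max_port == 0 mirrors the case described in the thread:
    no range is configured, so we bind to port 0 and the kernel assigns
    an ephemeral local port. A non-zero range shows what a restricted
    allocator would do instead: take the first free port in the range.
    """
    if min_port == 0 and max_port == 0:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind((host, 0))  # port 0 = "OS, pick one for me"
        return sock
    if not 0 < min_port <= max_port <= 65535:
        raise ValueError("invalid port range")
    for port in range(min_port, max_port + 1):
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            sock.bind((host, port))
            return sock
        except OSError as exc:
            sock.close()
            if exc.errno != errno.EADDRINUSE:
                raise  # e.g. EACCES on a privileged port
    raise OSError(errno.EADDRINUSE, "no free UDP port in range")


def local_port(sock):
    """Return the local port the socket ended up bound to."""
    return sock.getsockname()[1]


if __name__ == "__main__":
    a = bind_udp()
    b = bind_udp()
    print("OS-chosen ports:", local_port(a), local_port(b))
    base = min(local_port(a), 65515)
    c = bind_udp(min_port=base, max_port=base + 20)
    print("range-restricted port:", local_port(c))
```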