Firewall settings for the STUN/TURN server


Art Matsak

Jun 7, 2014, 4:56:56 PM
to turn-server-project...@googlegroups.com
First of all, thank you Oleg and all other contributors to the rfc5766-turn-server project for the wonderful work.

We are looking to use the server in our WebRTC project and are planning to make it listen to port 443 to increase our chances with stricter NATs (so -p 443).

The question is, what ports/protocols should we allow in our server's firewall configuration?

Obviously, we need to allow port 443 (TCP and UDP). But what about UDP ports for relay endpoints (the range itself controlled by --min-port, --max-port)? This tutorial (linked to from the project page) doesn't mention opening anything except the listening ports, but is it really enough?

Oleg Moskalenko

Jun 7, 2014, 6:05:00 PM
to Art Matsak, turn-server-project...@googlegroups.com
If your client is establishing a connection with the turn server and the client is using the turn server as a relay then you have to open only the listening port (443 in your case). That client app will never communicate with the relay endpoints directly. 

Sent from my iPhone
--
You received this message because you are subscribed to the Google Groups "TURN Server (Open-Source project)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turn-server-project-rfc57...@googlegroups.com.
To post to this group, send email to turn-server-project...@googlegroups.com.
Visit this group at http://groups.google.com/group/turn-server-project-rfc5766-turn-server.
For more options, visit https://groups.google.com/d/optout.

Art Matsak

Jun 8, 2014, 3:56:55 AM
to turn-server-project...@googlegroups.com, ama...@gmail.com
Thank you. Sorry if I'm being thick here, but shouldn't UDP ports 49152 - 65535 also be open on the TURN server so that it can communicate on behalf of the client over the relay endpoints?

To quote your earlier message elsewhere (emphasis mine):

if you configured the TURN server on ports 80 and 443 in EC2 instance, and if you opened all UDP ports in the instance and if you set the authentication correctly, then you must be fine.


Oleg Moskalenko

Jun 8, 2014, 6:19:49 AM
to Art Matsak, turn-server-project...@googlegroups.com
You are talking about the server-side firewall? Then all relay and listening ports are to be open, of course.

Sent from my iPhone

Art Matsak

Jun 8, 2014, 8:34:08 AM
to turn-server-project...@googlegroups.com, ama...@gmail.com
Yes, server-side. So I guess the above tutorial is a little misleading because the author doesn't talk about opening server-side UDP ports for endpoint relays.

Given our setup (-p 443 --no-tls --no-dtls), I think we will need to have the following open then:
  • Port 443 TCP and UDP
  • UDP ports 49152-65535

Is that correct please?

Oleg Moskalenko

Jun 8, 2014, 10:55:34 AM
to Art Matsak, turn-server-project...@googlegroups.com
Yes, that's right.

Regards,
Oleg

Sent from my iPhone
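The rule set the thread settles on (listening port 443 over TCP and UDP, plus the UDP relay range controlled by --min-port/--max-port) is easy to get subtly wrong when typed by hand, so here is an added example, not part of the thread and not the project's own tooling, that derives the server-side iptables rules from the turnserver command line. It assumes the turnserver defaults of 3478 for the listening port and 49152-65535 for the relay range, and it assumes the host otherwise runs a default-deny INPUT policy; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example: generate the server-side firewall rules for a TURN host
# from its turnserver arguments. Not from the thread or the project.

# Baseline that the ACCEPT rules below sit on top of (assumed policy):
# drop everything inbound except replies to traffic we initiated.
turn_fw_baseline() {
  echo "iptables -P INPUT DROP"
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Emit ACCEPT rules for one listening port (TCP and UDP, as in the thread's
# -p 443 --no-tls --no-dtls setup) and the UDP relay range.
# $1 listening port, $2 relay min port, $3 relay max port.
turn_fw_rules() {
  listen_port="${1:-3478}"   # turnserver default listening port (assumed)
  min_port="${2:-49152}"     # turnserver default --min-port (assumed)
  max_port="${3:-65535}"     # turnserver default --max-port (assumed)

  # Refuse an inverted or out-of-range relay span instead of emitting a
  # rule that iptables would reject or, worse, one wider than intended.
  if [ "$min_port" -gt "$max_port" ] || [ "$max_port" -gt 65535 ] \
     || [ "$min_port" -lt 1 ]; then
    echo "invalid relay range $min_port-$max_port" >&2
    return 1
  fi

  # Listening port: clients reach the TURN/STUN service here.
  echo "iptables -A INPUT -p tcp --dport $listen_port -m conntrack --ctstate NEW -j ACCEPT"
  echo "iptables -A INPUT -p udp --dport $listen_port -j ACCEPT"
  # Relay endpoints: peers send UDP to the allocated relay ports, so the
  # whole --min-port/--max-port range has to be reachable on the server.
  echo "iptables -A INPUT -p udp --dport $min_port:$max_port -j ACCEPT"
}

# Parse the subset of turnserver options that affect the firewall and
# hand the values to turn_fw_rules. Other options are ignored.
turn_args_to_rules() {
  lp=3478; minp=49152; maxp=65535
  while [ $# -gt 0 ]; do
    case "$1" in
      -p|--listening-port) lp="$2"; shift ;;
      --listening-port=*)  lp="${1#*=}" ;;
      --min-port)          minp="$2"; shift ;;
      --min-port=*)        minp="${1#*=}" ;;
      --max-port)          maxp="$2"; shift ;;
      --max-port=*)        maxp="${1#*=}" ;;
    esac
    shift
  done
  turn_fw_rules "$lp" "$minp" "$maxp"
}

# Stand-alone run: print the rules for the thread's configuration.
# Review the output before piping it into sh on a real host.
turn_fw_baseline
turn_args_to_rules -p 443 --no-tls --no-dtls
```

Note that the relay range is UDP only: TURN allocations in rfc5766-turn-server are UDP relay ports, so opening the range for TCP would only widen the attack surface. If you later enable TLS/DTLS on a second listening port, run the same generator with that port as well.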

Art Matsak

Jun 9, 2014, 3:56:15 AM
to turn-server-project...@googlegroups.com, ama...@gmail.com
Thank you very much Oleg.