On a stateful firewall you can also choose to only open the SIP ports. That'll depend on your SIP profile settings. 5060 at least, and perhaps 5080 too.<div><br></div><div>The firewall could look at the SDP, mark the RTP ports as related traffic and automatically open them for you too.</div>
<div><br></div><div>That can -only- work with normal SIP though - for obvious reasons if you're using TLS it won't be able to see the ports being used.</div><div><div><br></div><div>-Steve</div><div><br></div><div>
<br></div><div><br><br><div class="gmail_quote">On 25 July 2013 17:56, Lloyd Aloysius <span dir="ltr"><<a href="mailto:lloyd.aloysius@sunteltech.ca" target="_blank">lloyd.aloysius@sunteltech.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><font face="verdana,sans-serif"><div>SIP TCP/UDP 5060 - 5090 </div><div>RTP UDP 16384 - 32768</div><span><font color="#888888"><div>
<br></div><div>Lloyd</div></font></span></font><div><div><div><div><font face="verdana, sans-serif" color="#cc6600" size="1"><b> <a href="http://www.sunteltech.ca/blog/" target="_blank"></a></b></font></div>
</div>
<br><br><div class="gmail_quote">On Wed, Jul 24, 2013 at 8:38 PM, Jim Lynch <span dir="ltr"><<a href="mailto:jim@k4gvo.com" target="_blank">jim@k4gvo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I'm running a simple switch. No phones are connected to the system from<br>
outside of my local network. The only wan connections I have are a<br>
couple of voip providers. None of my phones on the lan call outside of<br>
the lan. All they talk to is the switch.<br>
<br>
I see a bunch of ports listed at<br>
<a href="http://wiki.freeswitch.org/wiki/Firewall" target="_blank">http://wiki.freeswitch.org/wiki/Firewall</a> but don't know if I need them<br>
all. I suspect I don't. I want to close up the firewall as much as I can.<br>
<br>
Thanks,<br>
Jim.<br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div><br>
</div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div></div>