open ports and firewall

junkship

New Member
Hi
We are using Flashphoner. My developer has opened Ports 30 000 - 33 000 to facilitate livestreaming. The company who provides security for the site says that their firewall cannot be configured to protect our sites anymore because of the open ports. What is the solution?
Thanks!
 

Max

Administrator
Staff member
Good day.
If a separate company services your firewall, please contact them and ask them to open all the ports you need.
If they cannot open media ports in the range 30000-33000/udp, consider using the internal TURN server. In this case, you should open only two ports:
8443/tcp for websocket
3478/tcp for TURN
All the media traffic will go through TURN port.
 

junkship

New Member
Ok, thanks Max, this is appreciated. Are we leaving ourselves open to attack by leaving Ports 30 000 - 33 000 open?
 

FKemp

New Member
Not really, with proper configuration of the firewall, server and WCS you should be good to go. My company, prothesiswriter.com, uses a similar setup and we've been fine without any attacks occurring.
 

Max

Administrator
Staff member
Are we leaving ourselves open to attack by leaving Ports 30 000 - 33 000 open?
No.
WCS listens on one (or two, if RTP bundle support is disabled in the settings) media port per session. It starts listening on the media port after a Websocket signaling session is successfully established with the client. So most of the ports in this range are not active, and an attacker cannot use them; they just get no response from the server.
Therefore, you are not leaving yourselves open to attack if the media port range is accessible.
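
Added example, not part of the original posts and not Flashphoner's own tooling: a shell check that classifies the listeners reported by `ss -H -lntu` against the ports named in this thread, so you can confirm on the server how many media ports are actually bound and spot listeners the firewall should not expose. The sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Port numbers below are the ones named in the thread.
MEDIA_LO=30000   # start of media range (udp)
MEDIA_HI=33000   # end of media range (udp)

# Constructed sample in the column layout of `ss -H -lntu`
# (Netid State Recv-Q Send-Q Local Peer); not taken from a real server.
sample_ss() {
cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:31002      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:31004      0.0.0.0:*
udp   UNCONN 0      0               [::]:5353          [::]:*
tcp   LISTEN 0      128          0.0.0.0:8443       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:3478       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
EOF
}

# Read ss output on stdin and print "<class> <proto>/<port>" per listener:
#   media    - udp port inside the media range
#   expected - 8443/tcp (websocket) or 3478/tcp (TURN)
#   other    - anything else; review whether the firewall should expose it
classify_listeners() {
  awk -v lo="$MEDIA_LO" -v hi="$MEDIA_HI" '
    NF >= 5 {
      # Port is the text after the last ":" (works for IPv4, [::] and *).
      n = split($5, a, ":"); port = a[n] + 0
      if ($1 == "udp" && port >= lo && port <= hi)
        class = "media"
      else if ($1 == "tcp" && (port == 8443 || port == 3478))
        class = "expected"
      else
        class = "other"
      print class, $1 "/" port
    }' | LC_ALL=C sort -u
}

# Number of media-range ports currently bound.
media_port_count() {
  classify_listeners | grep -c '^media ' || true
}

# Demo on the constructed sample; on a live host use: ss -H -lntu | classify_listeners
sample_ss | classify_listeners
echo "bound media ports: $(sample_ss | media_port_count)"
```

Run with no streaming sessions and again during a stream: the media count should rise and fall with the sessions, while any `other` line is a listener to account for in the firewall rules.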
 