Firewall ports for the reverse proxy and TURN server
Traffic between the reverse proxy and TURN server and clients in the Internet
The following ports have to be allowed through any firewalls which carry traffic between the reverse proxy and TURN server in the DMZ and Pexip apps in the public Internet:
| Source address | Source port | Destination address | Dest. port | Protocol | Notes |
|---|---|---|---|---|---|
| <any> (Pexip app) | <any> | Reverse proxy | 80 / 443 | TCP | HTTP/HTTPS |
| <any> (Pexip app) | <any> | TURN server | 3478 | UDP | UDP TURN/STUN |
| <any> (Pexip app) | <any> | TURN server | 49152–65535 | UDP | TURN relay media |
| <any> (Pexip app) | <any> | TURN server | 443 | TCP | TURN relay media |
| TURN server | 49152-65535 | <any> | <any> | UDP | RTP media |
| Reverse proxy / TURN server | <any> | DNS server | 53 | TCP/UDP | DNS |
| Reverse proxy / TURN server | <any> | NTP server | 123 | TCP | NTP |
|
|
|||||
Traffic between the local network and the DMZ / Internet
The following ports have to be allowed through any firewalls which carry traffic between Conferencing Nodes and management stations in the local network and the reverse proxy and TURN server in the DMZ/internet:
| Source address | Source port | Destination address | Dest. port | Protocol | Notes |
|---|---|---|---|---|---|
| Reverse proxy | <any> | Conferencing Nodes | 443 | TCP | HTTPS |
| Conferencing Nodes | 40000–49999 |
TURN server | 3478 | UDP | UDP TURN/STUN |
| Conferencing Nodes | 40000–49999 |
STUN server (if configured) | 3478 / 19302 | UDP | UDP TURN/STUN. Note that stun.l.google.com uses port 19302. |
| Management PC | <any> | Reverse proxy / TURN server | 22 | TCP | SSH |
| SNMP server | <any> | Reverse proxy / TURN server | 161 | UDP | SNMP |
| Reverse proxy / TURN server | <any> | SNMP server | 161 | UDP | SNMP |
|
|
|||||