What ports does freeswitch need open?

Question

I have installed FreeSWITCH 1.0.6 on CentOS 5.5. I believe CentOS is blocking the ports FreeSWITCH needs in order to contact with my remote phones, but I have no idea how to use ipTables in Linux or what ports need to be open. Can anyone help?

With Asterisk the ports were 5060 - 5090 for sip and a few others but I don't remember them.

Thank you!

Answer 1

I could not match FreeSWITCH wiki to ports to my setup, in the end I went with what actual open ports were reported by my machine, run the following to find out what FreeSWITCH is using on your rig:

root@tardis:~# netstat -lntp | grep freeswitch
tcp        0      0 192.0.1.2:2856          0.0.0.0:*               LISTEN      7220/freeswitch
tcp        0      0 192.0.1.2:5066          0.0.0.0:*               LISTEN      7220/freeswitch
tcp        0      0 192.0.1.2:8081          0.0.0.0:*               LISTEN      7220/freeswitch
tcp        0      0 192.0.1.2:8082          0.0.0.0:*               LISTEN      7220/freeswitch
tcp        0      0 192.0.1.2:7443          0.0.0.0:*               LISTEN      7220/freeswitch
tcp        0      0 192.0.1.2:5080          0.0.0.0:*               LISTEN      7220/freeswitch
tcp        0      0 192.0.1.2:5060          0.0.0.0:*               LISTEN      7220/freeswitch
tcp        0      0 192.0.1.2:2855          0.0.0.0:*               LISTEN      7220/freeswitch
tcp6       0      0 ::1:8081                :::*                    LISTEN      7220/freeswitch
tcp6       0      0 ::1:8082                :::*                    LISTEN      7220/freeswitch
tcp6       0      0 :::8021                 :::*                    LISTEN      7220/freeswitch
tcp6       0      0 ::1:5080                :::*                    LISTEN      7220/freeswitch
tcp6       0      0 ::1:5060                :::*                    LISTEN      7220/freeswitch

Answer 2

The accepted answer is a bad answer... FreeSWITCH does not use all these ports, and not all port are defined there. For those needing a guideline (using default configs):

3478 - STUN Discovery (UDP)
3479 - STUN Discovery (UDP)
5060 - Sofia Internal Profile (TCP & UDP)
5080 - Sofia External Profile (TCP & UDP)
8021 - Event Socket (TCP)
16384-32768 - RTP Ports (UDP)

Port usage is subject to change with module usage. You can find the entry on http://confluence.freeswitch.org, and more (up to date) information about port usage can be found at https://freeswitch.org/confluence/display/FREESWITCH/Firewall

Answer 3

Nevermind chumps, I figured it out myself:

-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 37 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 37 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8021 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 8021 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5532 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5564 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

Answer 4

Best reference seems to be : http://wiki.freeswitch.org/wiki/Firewall

All of the ports are dependent on your module usage (ie. 8080 if you are using the web api). Keep in mind that all of the ports mentioned are defaults and are configurable.