Which ports should be allowed in firewall to use TURN server?

webrtc turn coturn
19,306

I think it depends on the transport protocols you want to use and the level of security.

With Coturn coturn(git):

The default port for sending (or listening to) STUN/TURN requests is 3478.

TURN listener port for UDP and TCP listeners (Default: 3478). Note: actually, TLS & DTLS sessions can connect to the "plain" TCP & UDP port(s), too - if allowed by configuration. For example, the default listening port can be set to 80 or 443, to go around some strict NATs. Remember that ports < 1024 may require superuser privileges to start the turnserver process.

In my project I used also tls listening port but probably it is not necessary:

The default port for sending (or listening to) STUN/TURN over TLS is 5349.

TURN listener port for TLS and DTLS listeners (Default: 5349). Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS port(s), too - if allowed by configuration. For example, the default tls listening port can be set to 443, to go around some strict NATs. Remember that ports < 1024 may require superuser privileges to start the turnserver process. For secure TCP connections, we currently support SSL version 3 and TLS versions 1.0, 1.1, 1.2. For secure UDP connections, we support DTLS version 1.

Also, for establishing at last p2p connection :

Each client will send the data through UDP to the other endpoint: if it’s sending to a TURN server (to a relay candidate) it will send to a port between 49152-65535 (if it’s sending directly to the other party it will send to any port in the 0-65535 range)

--min-port Lower bound of the UDP port range for relay endpoints allocation. Default value is 49152, according to RFC 5766.

--max-port Upper bound of the UDP port range for relay endpoints allocation. Default value is 65535, according to RFC 5766.

Share:
19,306
oividiosCaeremos
Author by

oividiosCaeremos

Updated on June 13, 2022

Comments

  • oividiosCaeremos
    oividiosCaeremos almost 2 years

    I want to set up a turn server (coturn) on our company's servers. And I'm not sure which ports should be allowed by outside access. 8443 is a must, using WebRTC. 3478 is a must for credential use. But there's these gazillions of ports which TURN server uses, do they need to be allowed in firewall?Or which ports should be allowed to use CoTURN without problem?

  • oividiosCaeremos
    oividiosCaeremos over 4 years
    So the ports between 49152 and 65535 must be allowed from firewall am I correct? And if I am, on which direction they should be open? (inbound - outbound) Thanks for your time.
  • Fotiou D.
    Fotiou D. over 4 years
    inbound ... these are the ports for establishing actual p2p connection: you’ll be sending data to a random port in the 0-65535 range opened by your peer’s device/router during discovery. The same is done towards you.
  • Shilpa
    Shilpa over 3 years
    Can I limit the range of ports that must be allowed from the frontend side? , I tried to limit the range in the coturn setting. Or is it a necessity to open all ports?
  • user482594
    user482594 about 3 years
    If data relay happens between ports 49152-65535, does that mean that the theoretical max number of concurrent connections that one coTURN server can support is about 16300 concurrent connections (Subtracting 49152 from 65535)?
  • Benni
    Benni almost 3 years
    @user482594 did you find an answer to that question?
  • Vertganti
    Vertganti almost 2 years
    @Benni It was answered in the comments here.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

CoTURN: How to use TURN REST API?
Why my turn server doesn't work?
Easy way to test TURN server
Coturn stun server returned an error with code=701
Installing a TURN Server on Ubuntu for WebRTC
How to create stun turn server instance using AWS EC2
Implementing our own STUN/TURN server for WebRTC Application
STUN/TURN server connectivity test
Flutter Webrtc Build error on M1 android and ios
Flutter webrtc screen sharing