Port Setup

From Pbxnsip Wiki


On this Ports web page you can control which networking resources the PBX utilizes to communicate with the outside IP world.

When specifying ports, you list the sockets that the PBX may bind to. You may either specify just a port number or explicitly specify the IP address and the port (separated by a colon, for example "192.168.1.2:8080"). If you are binding to IPv6 addresses, you must put square brackets around the IP address (e.g. "[2001:db8::4]:5060"). If you specify only the port number, the PBX will bind to all IPv4 and IPv6 addresses on the system. In general, you may bind to more than one socket. The addresses must be separated by spaces. If you don’t want to use the service, leave the field empty. If you change a port binding, you need to restart the PBX service.
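The following parser for the port field format described above is an added example, not code from the PBX; the function names are hypothetical. It reports which entries carry no IP address and therefore listen on every IPv4 and IPv6 address of the host, which is the first thing to check when reviewing what a PBX exposes.

```python
import ipaddress

def parse_bindings(field):
    """Parse a PBX port field into (address, port) pairs.

    address is None when only a port is given, which per the text above
    means the PBX binds to all IPv4 and IPv6 addresses on the system.
    An empty field yields [] (the service is not used).
    """
    bindings = []
    for item in field.split():                   # entries are space-separated
        if item.startswith("["):                 # "[IPv6]:port"
            host, sep, port = item[1:].partition("]:")
            if not sep:
                raise ValueError(f"malformed IPv6 binding: {item!r}")
            addr = ipaddress.IPv6Address(host)
        elif ":" in item:                        # "IPv4:port"
            host, _, port = item.partition(":")
            # An unbracketed IPv6 address ends up here and is rejected.
            addr = ipaddress.IPv4Address(host)
        else:                                    # bare port number
            addr, port = None, item
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"invalid port in {item!r}")
        bindings.append((addr, int(port)))
    return bindings

def exposed_everywhere(field):
    """Return the ports in the field that listen on all addresses."""
    return [port for addr, port in parse_bindings(field) if addr is None]
```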


HTTP

The http and https ports are used for the communication between the built-in web server and the web browser. The http port is used for insecure but lightweight communication; the https port is used for secure but slightly more expensive communication.

By default, the http port is 80, the https port is 443. If you are running another service on your host or you want to gain some additional security, you may change these ports to any other available port.

If you cannot reach the system on any port, please use the netstat command to locate the ports that have been allocated by the system (see the operating system documentation for how to use this program). If none of this helps, you must either reinstall the system or change the settings ip_http_port and ip_https_port in the Global Configuration File.


SIP

The SIP ports are used for insecure and secure SIP communication. By default, the system chooses port 5060 for sip and 5061 for sips. The PBX opens a UDP port and a TCP server port for the insecure communication and a TCP port for the secure communication.

If you set up your DNS records, you should create three records (assuming that you are operating the domain "test.com"):

  • _sip._udp.test.com must point to the sip port (UDP)
  • _sip._tcp.test.com must point to the sip port (TCP)
  • _sips._tcp.test.com must point to the sips port (TCP)

You can repeat the setup for every domain that you want to operate on the system.


The "SIP IP Replacement List" (available in 2.0.4) is used when the PBX is used in a DMZ zone with NAT (see Office with private and public IP addresses). The setting contains a list of local IP addresses and their replacements. This list is used when the PBX sends out a SIP packet. Whenever it finds a local address in the list, it will replace it with the remote address. This way, SIP messages from the PBX will look like they have been sent from the replaced IP address.

The format of the list is LAdr/RAdr [LAdr/RAdr]... Both the LAdr and the RAdr must be an IPv4 or IPv6 address (e.g. 192.168.1.2/203.4.5.12); DNS addresses are not resolved here.

The "IP Routing List" is used to override the operating system IP routing table. This setting "shadows" the operating system routing table: if no match is found in the setting, the PBX consults the operating system. Whenever the PBX wants to find out what IP address is being used when sending a SIP packet out, it steps through the list and looks for a match (using the netmask Mask) to a destination address (DAdr). If there is a match, it will use the provided IP address (LAdr). See Office with private and public IP addresses for more information.

The format of the list is DAdr/Mask/LAdr [DAdr/Mask/LAdr]... Both the DAdr and the LAdr must be an IPv4 or IPv6 address (e.g. 192.168.1.2); DNS addresses are not resolved here. The mask must be in the form of an IP address, e.g. 255.255.0.0.
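The lookup described above for the "IP Routing List", together with a parser for the "SIP IP Replacement List", as an added example that is not the PBX's own code. The function names and sample settings are constructed for illustration. First-match ordering and the rule that one entry stays within a single address family are assumptions.

```python
import ipaddress

def parse_routing_list(setting):
    """Parse 'DAdr/Mask/LAdr [DAdr/Mask/LAdr]...' into address triples."""
    routes = []
    for entry in setting.split():
        parts = entry.split("/")
        if len(parts) != 3:
            raise ValueError(f"expected DAdr/Mask/LAdr, got {entry!r}")
        # ip_address() accepts literals only, so DNS names are rejected.
        dadr, mask, ladr = (ipaddress.ip_address(p) for p in parts)
        if not (dadr.version == mask.version == ladr.version):
            # Assumption: one entry does not mix IPv4 and IPv6.
            raise ValueError(f"mixed address families in {entry!r}")
        routes.append((dadr, mask, ladr))
    return routes

def select_local_address(destination, routes):
    """Return the LAdr of the first matching entry, or None.

    None means nothing matched and the operating system routing table
    decides. Taking the first match in list order is an assumption.
    """
    dest = ipaddress.ip_address(destination)
    for dadr, mask, ladr in routes:
        if dest.version != dadr.version:
            continue
        # The mask is itself written as an address, e.g. 255.255.0.0.
        if (int(dest) & int(mask)) == (int(dadr) & int(mask)):
            return str(ladr)
    return None

def parse_replacement_list(setting):
    """Parse 'LAdr/RAdr [LAdr/RAdr]...' into {local: replacement}."""
    table = {}
    for entry in setting.split():
        local, sep, remote = entry.partition("/")
        if not sep:
            raise ValueError(f"expected LAdr/RAdr, got {entry!r}")
        table[str(ipaddress.ip_address(local))] = str(ipaddress.ip_address(remote))
    return table

# Constructed sample settings (not taken from a real system).
SAMPLE_ROUTES = parse_routing_list(
    "192.168.0.0/255.255.0.0/192.168.1.2 0.0.0.0/0.0.0.0/203.4.5.12")
SAMPLE_REPLACEMENTS = parse_replacement_list("192.168.1.2/203.4.5.12")
```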

RTP

The RTP ports are used for sending and receiving media. You must specify a reasonable port range so that you have enough ports for all open calls. A port range of 100 ports is not unusual.

Most user agents send RTP media data from the same port where they expect to receive data. This is useful when a user agent sends media from behind NAT. The PBX can use this mechanism to establish a two-way media path, even if the user agent is behind NAT and is not able to determine its public IP address for media.

Some user agents use different ports for sending and receiving. Although they will not be able to operate behind NAT, they are within the scope of the IETF standards. To be compatible with these devices, the PBX has a flag called "Follow RTP". By default, this flag is set to "on". If you have trouble with devices that use different ports for sending and receiving, try turning this flag off. Please note that some of the troublesome devices also have a flag to turn the usage of different ports off.

Please note that you can also control this behavior at the trunk level. If only a specific trunk has this problem, you should use this setting only at the trunk level.

You can also specify which codecs the PBX should use. We recommend preferring high-quality codecs like ulaw (0), alaw (8), G.722 (9), G.726 (2) or GSM 6.10 FullRate (3). You can change the codecs without restarting the service.


SNMP

The SNMP port setting defines on which port the PBX will listen for SNMP requests. By default, this is port 161.

The SNMP trusted addresses setting lists the IP addresses that may send SNMP requests. If this setting is empty, the PBX will not accept any SNMP requests. Whenever a request is rejected, the PBX writes a log message.

If you would like to change the Community, you can do that from the web interface. It does not require a restart of the service.

For more details, see SNMP.


TFTP

The TFTP ports are used for provisioning purposes. Many SIP devices use tftp for automatic configuration. See File Access for more information on how the PBX may provide files for phones and other devices. See Automatic Provisioning for details on how the provisioning works.

The TFTP port is on port 69 by default.

Some devices write log files using tftp. You may enable this with the "Allow TFTP Write" flag. Please note that this feature allows users to write files that affect other devices, which may introduce system instability and security concerns. We recommend using this feature only for troubleshooting, if necessary. The uploaded file can also be seen in the log file.

The "Allow TFTP Password" setting can have the following values (see also SIP Security and Prepare an Extension for Plug and Play):

  • "Always" means that the PBX will always place the passwords into the provisioning files.
  • "Once" means that the PBX first checks if the password flag for the respective account is already set; if it is not, the PBX sends the password and then sets the flag. See Extension on how to reset that flag.
  • "Never" means that the PBX does not provision passwords.

The setting "Write generated files" tells the PBX where to report generated files:

  • "To file" means the PBX writes those files to the file system. The location is "generated/(MAC)/(Filename)". Only files smaller than 256 KB are written, to avoid unnecessary waste of file system space.
  • "To log" means that the PBX attempts to put this file into the log file. This only happens if TFTP has been enabled in the logging and the log level is high enough (8 or higher). In order to keep the log file short, the PBX writes only the first 2K to the log file.
