
Configure firewall

By default, MiaRec uses the following ports, which should be added to the firewall exclusion list.

| Port | Description |
|---|---|
| 80 (tcp) | MiaRec Web-portal (HTTP protocol) |
| 443 (tcp) | MiaRec Web-portal (HTTPS protocol). Requires installation of SSL certificate. |
| 6554 (tcp) | Live monitoring signaling (RTSP protocol) |
| 7000 - 7999 (udp) | Live monitoring media (RTP protocol) |
| 5070 (tcp) | Cisco SIP trunk recording signaling (SIP protocol) |
| 20000 - 21999 (udp) | Cisco SIP trunk recording media (RTP protocol) |
| 5080 (tcp, udp) | SIPREC recording signaling (SIP protocol) |
| 22000 - 23999 (udp) | SIPREC recording media (RTP protocol) |

Instructions for iptables (CentOS 6)

This document describes how to configure iptables.

Execute the command iptables --line -vnL to see the current list of rules with line numbers. Example output:

[root@miarec ~]# iptables --line -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     3124 1264K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
3       11  3292 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5       63  4881 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 2937 packets, 1212K bytes)
num   pkts bytes target     prot opt in     out     source               destination         

From this output, we need the line number of the generic REJECT rule in the INPUT chain. In the example above, it is at line #5. Our exclusion rules must be inserted just above this line; otherwise the REJECT rule matches first and they never take effect.

  • Web-portal rule (port 80 tcp)

    iptables -I INPUT 5 -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    
  • Live monitoring rules

    iptables -I INPUT 5 -i eth0 -p tcp --dport 6554 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -I INPUT 5 -i eth0 -p udp --dport 7000:7999 -m state --state NEW,ESTABLISHED -j ACCEPT
    
  • Cisco SIP trunk recording interface rules

    iptables -I INPUT 5 -i eth0 -p udp --dport 5070 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -I INPUT 5 -i eth0 -p tcp --dport 5070 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -I INPUT 5 -i eth0 -p udp --dport 20000:21999 -m state --state NEW,ESTABLISHED -j ACCEPT
    
  • SIPREC recording interface rules

    iptables -I INPUT 5 -i eth0 -p udp --dport 5080 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -I INPUT 5 -i eth0 -p tcp --dport 5080 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -I INPUT 5 -i eth0 -p udp --dport 22000:23999 -m state --state NEW,ESTABLISHED -j ACCEPT
    
  • Save all rules into iptables configuration file

    service iptables save
    
  • Restart iptables service

    service iptables restart
    

Instructions for firewall-cmd (CentOS 7)

  • Web-portal rule (port 80 tcp)

    firewall-cmd --permanent --zone=public --add-port=80/tcp
    
  • Live monitoring rules

    firewall-cmd --permanent --zone=public --add-port=6554/tcp
    firewall-cmd --permanent --zone=public --add-port=7000-7999/udp
    
  • Cisco SIP trunk recording interface rules

    firewall-cmd --permanent --zone=public --add-port=5070/udp
    firewall-cmd --permanent --zone=public --add-port=5070/tcp
    firewall-cmd --permanent --zone=public --add-port=20000-21999/udp
    
  • SIPREC recording interface rules

    firewall-cmd --permanent --zone=public --add-port=5080/udp
    firewall-cmd --permanent --zone=public --add-port=5080/tcp
    firewall-cmd --permanent --zone=public --add-port=22000-23999/udp
    
  • Reload firewall-cmd configuration

    firewall-cmd --reload
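
The following is an added example, not part of the original MiaRec documentation. After the reload, it compares the output of firewall-cmd --zone=public --list-ports with the ports opened by the commands above, and reports both missing ports and ports that are open but not requested here. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Ports opened by the firewall-cmd commands on this page, in port/proto notation.
EXPECTED="80/tcp 6554/tcp 7000-7999/udp 5070/udp 5070/tcp 20000-21999/udp 5080/udp 5080/tcp 22000-23999/udp"

# in_list ITEM LIST: succeed if ITEM is one of the space-separated words in LIST.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# missing_ports LISTED: expected ports that are absent from LISTED.
missing_ports() {
    out=""
    for p in $EXPECTED; do in_list "$p" "$1" || out="$out $p"; done
    echo "${out# }"
}

# unexpected_ports LISTED: open ports that this page does not ask for.
unexpected_ports() {
    out=""
    for p in $1; do in_list "$p" "$EXPECTED" || out="$out $p"; done
    echo "${out# }"
}

# Constructed sample of `firewall-cmd --zone=public --list-ports` output:
# the SIPREC media range was never added and an unrelated port is open.
SAMPLE="80/tcp 6554/tcp 7000-7999/udp 5070/udp 5070/tcp 20000-21999/udp 5080/udp 5080/tcp 8080/tcp"

# On a live host: listed=$(firewall-cmd --zone=public --list-ports)
listed=$SAMPLE
echo "missing:    $(missing_ports "$listed")"
echo "unexpected: $(unexpected_ports "$listed")"
```

Port 443/tcp appears in the port table but not in the commands on this page, so it is not in EXPECTED; add it there if the web portal is served over HTTPS.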
    
MiaRec, Inc. © 2019. All Rights Reserved.