By default, MiaRec uses the following ports, which should be added to the firewall exception list.

Port | Description |
---|---|
80 (tcp) | MiaRec Web-portal (HTTP protocol) |
443 (tcp) | MiaRec Web-portal (HTTPS protocol). Requires installation of SSL certificate. |
6554 (tcp) | Live monitoring signaling (RTSP protocol) |
7000 - 7999 (udp) | Live monitoring media (RTP protocol) |
5070 (tcp) | Cisco SIP trunk recording signaling (SIP protocol) |
20000 - 21999 (udp) | Cisco SIP trunk recording media (RTP protocol) |
5080 (tcp, udp) | SIPREC recording signaling (SIP protocol) |
22000 - 23999 (udp) | SIPREC recording media (RTP protocol) |

This document describes how to configure iptables.

Execute the command `iptables --line -vnL` to see the current list of rules with line numbers.

Example output:
```
[root@miarec ~]# iptables --line -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 3124 1264K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
3 11 3292 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 63 4881 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 2937 packets, 1212K bytes)
num pkts bytes target prot opt in out source destination
```
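
From this output we need the line number of the generic REJECT rule in the INPUT chain. In the example above it is line #5. The exception rules must be inserted just above this line, because rules are evaluated in order and anything placed after the REJECT rule never matches. The rules below match traffic arriving on eth0; substitute the interface name used on your server.
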
Web-portal rule (port 80 tcp)

```
iptables -I INPUT 5 -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
```

Live monitoring rules

```
iptables -I INPUT 5 -i eth0 -p tcp --dport 6554 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 5 -i eth0 -p udp --dport 7000:7999 -m state --state NEW,ESTABLISHED -j ACCEPT
```

Cisco SIP trunk recording interface rules

```
iptables -I INPUT 5 -i eth0 -p udp --dport 5070 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 5 -i eth0 -p tcp --dport 5070 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 5 -i eth0 -p udp --dport 20000:21999 -m state --state NEW,ESTABLISHED -j ACCEPT
```

SIPREC recording interface rules

```
iptables -I INPUT 5 -i eth0 -p udp --dport 5080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 5 -i eth0 -p tcp --dport 5080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 5 -i eth0 -p udp --dport 22000:23999 -m state --state NEW,ESTABLISHED -j ACCEPT
```

Save all rules into the iptables configuration file

```
service iptables save
```

Restart the iptables service

```
service iptables restart
```
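
The iptables steps above as one dry-run script that finds the generic REJECT rule in the INPUT chain and prints the insert commands for that position instead of hard-coding line 5. This is an added example, not part of the MiaRec documentation; the function names are hypothetical, the embedded listing is a constructed sample copied from the example output above, and eth0 is the interface name used in the page's rules.

```shell
#!/bin/sh
# Added example, not MiaRec's own script. Prints commands; changes nothing.

# Constructed sample: the INPUT/FORWARD part of the listing shown above.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 3124 1264K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
3 11 3292 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 63 4881 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
EOF
}

# Read `iptables --line -vnL` output on stdin; print the number of the first
# catch-all REJECT rule in the INPUT chain. Exit status 1 if there is none,
# so a REJECT in FORWARD is never mistaken for the insert position.
reject_line() {
    awk '
        $1 == "Chain" { chain = $2; next }
        chain == "INPUT" && $4 == "REJECT" && $5 == "all" &&
            $9 == "0.0.0.0/0" && $10 == "0.0.0.0/0" { print $1; found = 1; exit }
        END { if (!found) exit 1 }
    '
}

# Print one insert command per "proto:ports" entry, using the same ports and
# match options as the rules on this page. $1 = rule number, $2 = interface.
miarec_rules() {
    for spec in tcp:80 tcp:6554 udp:7000:7999 udp:5070 tcp:5070 \
                udp:20000:21999 udp:5080 tcp:5080 udp:22000:23999; do
        echo "iptables -I INPUT $1 -i $2 -p ${spec%%:*} --dport ${spec#*:}" \
             "-m state --state NEW,ESTABLISHED -j ACCEPT"
    done
}

# On a live host, replace sample_listing with: iptables --line -vnL
if n=$(sample_listing | reject_line); then
    miarec_rules "$n" eth0
else
    echo "no catch-all REJECT rule in INPUT; nothing to insert above" >&2
fi
```

Review the printed commands before running them, then re-run `iptables --line -vnL` to confirm every new ACCEPT rule sits above the REJECT rule.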

On systems that use firewalld, open the same ports with `firewall-cmd`.

Web-portal rule (port 80 tcp)

```
firewall-cmd --permanent --zone=public --add-port=80/tcp
```

Live monitoring rules

```
firewall-cmd --permanent --zone=public --add-port=6554/tcp
firewall-cmd --permanent --zone=public --add-port=7000-7999/udp
```

Cisco SIP trunk recording interface rules

```
firewall-cmd --permanent --zone=public --add-port=5070/udp
firewall-cmd --permanent --zone=public --add-port=5070/tcp
firewall-cmd --permanent --zone=public --add-port=20000-21999/udp
```

SIPREC recording interface rules

```
firewall-cmd --permanent --zone=public --add-port=5080/udp
firewall-cmd --permanent --zone=public --add-port=5080/tcp
firewall-cmd --permanent --zone=public --add-port=22000-23999/udp
```

Reload the firewalld configuration so the permanent rules take effect

```
firewall-cmd --reload
```