Configure The Firewall

Please note: this is legacy documentation. Please check out https://docs.miarec.com/all/ for the most up-to-date documentation and user guides.

By default, MiaRec uses the following ports, which should be added to the firewall exclusion list.

Port	Description
80 (tcp)	MiaRec Web-portal (HTTP protocol)
443 (tcp)	MiaRec Web-portal (HTTPS protocol). Requires installation of SSL certificate.
6554 (tcp)	Live monitoring signaling (RTSP protocol)
7000 - 7999 (udp)	Live monitoring media (RTP protocol)
5070 (tcp)	Cisco SIP trunk recording signaling (SIP protocol)
20000 - 21999 (udp)	Cisco SIP trunk recording media (RTP protocol)
5080 (tcp, udp)	SIPREC recording signaling (SIP protocol)
22000 - 23999 (udp)	SIPREC recording media (RTP protocol)

Instructions for iptables (Centos 6)

This document describes how to configure iptables.

Execute command iptables --line -vnL to see the current list of rule with line numbers. Example output:

[root@miarec ~]# iptables --line -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     3124 1264K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
3       11  3292 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
5       63  4881 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 2937 packets, 1212K bytes)
num   pkts bytes target     prot opt in     out     source               destination

From this output we need to get the line number of the generic REJECT rule. In example above it is at line #5. We will need to add our exclusion rules just above this line.

Web-portal rule (port 80 tcp)

iptables -I INPUT 5 -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

Live monitoring rules

iptables -I INPUT 5 -i eth0 -p tcp --dport 6554 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 5 -i eth0 -p udp --dport 7000:7999 -m state --state NEW,ESTABLISHED -j ACCEPT

Cisco SIP trunk recording interface rules

iptables -I INPUT 5 -i eth0 -p udp --dport 5070 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 5 -i eth0 -p tcp --dport 5070 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 5 -i eth0 -p udp --dport 20000:21999 -m state --state NEW,ESTABLISHED -j ACCEPT

SIPREC recording interface rules

iptables -I INPUT 5 -i eth0 -p udp --dport 5080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 5 -i eth0 -p tcp --dport 5080 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 5 -i eth0 -p udp --dport 22000:23999 -m state --state NEW,ESTABLISHED -j ACCEPT

Save all rules into iptables configuration file
```
service iptables save
```
Restart iptables service
```
service iptables restart
```

Instructions for firewall-cmd (Centos 7)

Web-portal rule (port 80 tcp)

firewall-cmd --permanent --zone=public --add-port=80/tcp

Live monitoring rules

firewall-cmd --permanent --zone=public --add-port=6554/tcp
firewall-cmd --permanent --zone=public --add-port=7000-7999/udp

Cisco SIP trunk recording interface rules

firewall-cmd --permanent --zone=public --add-port=5070/udp
firewall-cmd --permanent --zone=public --add-port=5070/tcp
firewall-cmd --permanent --zone=public --add-port=20000-21999/udp

SIPREC recording interface rules

firewall-cmd --permanent --zone=public --add-port=5080/udp
firewall-cmd --permanent --zone=public --add-port=5080/tcp
firewall-cmd --permanent --zone=public --add-port=22000-23999/udp

Reload firewall-cmd configuration
```
firewall-cmd --reload
```

Verify Services Status

Reboot the machine and check if all services are up and running:

shutdown -r now

PostgreSQL database:
```
service postgresql-9.4 status
```
Redis cache (use ping command. It should print PONG if success):
```
redis-cli ping
```
Apache web server
```
service httpd status
```
Celery task manager

Centos 6 (init.d):
```
service celeryd status
```
Centos 7 (SystemD):
```
systemctl status celeryd
```
Celery beat scheduler
```
service celerybeat status
```
MiaRec recorder

Centos 6 (Upstart):
```
initctl status miarec
```
Centos 7 (SystemD):
```
systemctl status miarec
```

The MiaRec Platform

Essentials

Advanced

Premium

Add-ons

By Objective

By Industry

Featured Resources

Experience The Product

ROI & Pricing

Configure The Firewall

Please note: this is legacy documentation. Please check out https://docs.miarec.com/all/ for the most up-to-date documentation and user guides.

Instructions for iptables (Centos 6)

Instructions for firewall-cmd (Centos 7)

Verify Services Status

Conversation Intelligence and Auto QA Solutions for Better Business Outcomes