Ports, also known as network ports, are logical endpoints used in computer networking to identify specific services or applications running on computing devices like servers. In TCP/IP networking, ports are used to differentiate between different types of network traffic, and access to a specific service can be allowed or blocked by its port.
In simple terms, ports can be configured to allow defined traffic to come in (incoming traffic) and go out (outgoing traffic) from the networked computing device. On the other hand, ports can also be configured not to allow any type of traffic to come in or go out of the network system.
Different internet and web applications have distinct types of traffic. For example, when you have a web server hosting a web application, HTTP/HTTPS traffic depends on the request-response cycle between the client’s browser on the local device and the server hosting the web files or application.
In this context, the HTTP/HTTPS traffic has to go through the defined or default ports like 80 and 443. From this example, Port 80 & 443 are known to be the standard HTTP & HTTPS ports respectively, and they act as the logical gateways to allow the exchange of data between the web server (hosting server) and the end-user, which is a local device browsing an application in the browser.
How does a firewall relate to network ports?
Firewalls are security devices or software that can be configured to control the flow of network traffic based on port numbers. Firewalls can enforce network security policies and protect systems from unauthorized access or potential threats. For example, we can use the firewall to limit certain traffic from coming in or going out of the server. If we don’t want other people to be able to log into our server using SSH, we can whitelist our own devices’ IP addresses, which prevents any other IP address from successfully logging in.
Ant Media Server Ports
Every networked system on the web relies on firewall ports to allow appropriate traffic. For example, Ant Media Server requires its standard ports to be opened through the firewall. These ports include the following:
TCP Port:1935
Ant Media Server uses the default port 1935 to allow RTMP streams. This port allows you to create RTMP broadcasts using Ant Media so you can accept publisher streams and broadcast streams.
TCP port: 5080
This port is necessary to access the unencrypted HTTP URL of the Ant Media Server admin web panel. Instead of port 80, which is the default web server HTTP port, Ant Media uses its own standard port for HTTP, which is 5080.
TCP port: 5443
This is used to access the encrypted HTTPS admin URL of your Ant Media Server admin web panel. Instead of the default HTTPS port 443, Ant Media uses its own port, which is 5443. You need this port to be opened especially if you’re adding a custom domain name with an SSL certificate configured on your Ant Media server.
UDP Port range: 5000–65000
You will need this port range to be opened for WebRTC streaming.
TCP Port range: 5000-65000.
This port range is used if you’re running Ant Media server in a cluster mode. You will need to open these ports only in cluster mode for the internal network. Please don’t open these ports to the public.
Opening Ant Media Ports using iptables Firewall
iptables is one of the commonly used firewall platforms that come preinstalled in most Linux distributions. All you need to do is run the iptables commands that open the required Ant Media ports. Here is how we go about it:
Open TCP Port: 1935 for RTMP
Port 1935 is the standard port for RTMP.
sudo iptables -A INPUT -p tcp --dport 1935 -j ACCEPT
Open TCP port 5080 for HTTP Web Panel URL
To access the HTTP version of the Ant Media web panel URL, you need to open port 5080.
sudo iptables -A INPUT -p tcp --dport 5080 -j ACCEPT
Open TCP port: 5443 for HTTPS Web Panel URL
If you’ve installed SSL on Ant Media, then you need to open port 5443.
sudo iptables -A INPUT -p tcp --dport 5443 -j ACCEPT
Open UDP port range: 5000-65000 necessary for WebRTC streaming
Ant Media advises opening the UDP port range 5000-65000 for WebRTC streaming.
sudo iptables -A INPUT -p udp -m udp --dport 5000:65000 -j ACCEPT
Ant Media Port Forwarding using iptables
Port forwarding is a technique used in networking to redirect network traffic from one IP address or port combination to another.
The Ant Media server uses ports 5080 and 5443 for HTTP and HTTPS web panel access, while the standard HTTP and HTTPS ports are 80 and 443 respectively. This means that we need to implement port forwarding rules in the firewall, redirecting traffic from the default HTTP/HTTPS ports (80 and 443) to the Ant Media HTTP/HTTPS ports (5080 and 5443) used for web panel access. We can achieve this using iptables as shown below:
Forward HTTP traffic from the default port 80 to port 5080
HTTP traffic will be forwarded from the default HTTP port 80 to 5080, which Ant Media Server requires.
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 5080
Forward HTTPS traffic from the default port 443 to port 5443
HTTPS traffic will be forwarded from 443 to 5443.
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 5443
Saving the iptables firewall rules
When using iptables for firewall configurations, you will also need to install the iptables-persistent package, which ensures that the firewall rules you set are reloaded if the server unexpectedly reboots.
Download iptables-persistent package
We can install the iptables-persistent package by running the following command:
sudo apt-get install iptables-persistent
Once the iptables-persistent package is installed, we need to save the current iptables firewall rules using the following command:
sudo sh -c "iptables-save > /etc/iptables/rules.v4"
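The rules from the sections above collected into one iptables-restore file, as an added example that is not from the original article or from Ant Media; it also limits SSH to a whitelisted source and the cluster TCP range to the internal network, as the text recommends. The function name build_ams_rules, SSH on port 22, the default-drop policy and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the ports on this page.
# Assumptions: SSH listens on 22; default-drop policy; sample CIDRs are placeholders.

build_ams_rules() {
    admin_cidr=$1     # only source allowed to reach SSH
    cluster_cidr=$2   # internal cluster network; empty for a standalone server
    if [ -z "$admin_cidr" ]; then
        echo "admin CIDR required, or SSH would be locked out" >&2
        return 1
    fi
    case $cluster_cidr in
        */0) echo "cluster TCP range must not be open to the public" >&2
             return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 5080
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 5443
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $admin_cidr -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 1935 -j ACCEPT
-A INPUT -p tcp --dport 5080 -j ACCEPT
-A INPUT -p tcp --dport 5443 -j ACCEPT
-A INPUT -p udp --dport 5000:65000 -j ACCEPT
EOF
    # REDIRECT runs before the filter table, so INPUT sees 5080/5443, not 80/443.
    if [ -n "$cluster_cidr" ]; then
        echo "-A INPUT -s $cluster_cidr -p tcp --dport 5000:65000 -j ACCEPT"
    fi
    echo "COMMIT"
}

# Print the ruleset when called with arguments, e.g.
#   sh ams-rules.sh 203.0.113.10/32 10.0.0.0/24
if [ $# -ge 1 ]; then build_ams_rules "$@"; fi
```

Pipe the output through `sudo iptables-restore --test` to validate it before loading it. IPv6 traffic is filtered separately by ip6tables and is not covered by these rules.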
Opening Ant Media Ports using UFW Firewall
If you don’t know how to install UFW, please read this article to help you. Assuming you already have UFW Firewall installed and configured on your system, let’s use it to open the appropriate Ant Media ports as follows:
Open TCP Port:1935 for RTMP
You can run the following command on your terminal to open the RTMP port using UFW Firewall:
sudo ufw allow 1935/tcp
Open TCP port 5080 for HTTP Web Panel URL
We can open port 5080 to allow us to access the unencrypted URL of the Ant Media web panel. Run the following command on your terminal:
sudo ufw allow 5080/tcp
Open TCP port 5443 for HTTPS Web Panel URL
This port is required if you’ve added a custom domain to your Ant Media server and then installed an SSL certificate on it. This means that you will be able to access your Ant Media web panel with the HTTPS version of your domain name. You can run the following command to open port 5443:
sudo ufw allow 5443/tcp
Open UDP port range 5000-65000 necessary for WebRTC streaming
To allow WebRTC, you can run the following UFW firewall command on your server terminal:
sudo ufw allow 5000:65000/udp
Can I implement port forwarding using UFW firewall?
UFW does not have direct support for port forwarding, as it focuses primarily on basic firewall functionality such as allowing or blocking incoming and outgoing connections based on predefined rules.
UFW provides an easy-to-use command-line interface so users can manage firewall rules without being overwhelmed by complex options.
You can still achieve port forwarding by combining UFW with other tools. This means that you can use tools like iptables directly to set up port forwarding rules alongside UFW.