Ugacomp

How to open Ant Media Ports through the Firewall?

Ports, also known as network ports, are logical endpoints used in computer networking to identify specific services or applications running on computing devices like servers. In TCP/IP networking, ports differentiate between types of network traffic, and access to a specific service can be allowed or blocked by its port.

In simple terms, ports can be configured to allow defined traffic to come in (incoming traffic) and go out (outgoing traffic) from the networked computing device. Ports can also be configured to block any traffic from coming into or going out of the system.

Different internet and web applications carry distinct types of traffic. For example, when a web server hosts a web application, HTTP/HTTPS traffic follows a request-response cycle between the browser on the client’s local device and the server hosting the web files or application.

In this context, the HTTP/HTTPS traffic has to go through the defined or default ports, such as 80 and 443. Ports 80 and 443 are the standard HTTP and HTTPS ports respectively, and they act as the logical gateways for the exchange of data between the web server (hosting server) and the end user, which is a local device browsing an application in the browser.

How does a firewall relate to network ports?

Firewalls are security devices or software that can be configured to control the flow of network traffic based on port numbers. Firewalls can enforce network security policies and protect systems from unauthorized access or potential threats. For example, we can use the firewall to limit certain traffic from coming into or going out of the server. If we didn’t want other people to be able to log into our server using SSH, we could whitelist our own devices’ IP addresses, preventing any other IP address from successfully logging in.

Ant Media Server Ports

Every networked system on the web relies on firewall ports to allow appropriate traffic. For example, Ant Media Server requires its standard ports to be opened through the firewall. These ports include the following:

TCP port: 1935

Ant Media Server uses the default port 1935 to allow RTMP streams. This port allows you to create RTMP broadcasts using Ant Media so you can accept publisher streams and broadcast streams.

TCP port: 5080

This port is necessary to access the unencrypted HTTP URL of the Ant Media Server admin web panel. Instead of port 80, which is the default web server HTTP port, Ant Media uses its own standard HTTP port, which is 5080.

TCP port: 5443

This is used to access the encrypted HTTPS admin URL of your Ant Media Server admin web panel. Instead of the default HTTPS port 443, Ant Media uses its own port, which is 5443. You need this port to be opened especially if you’re adding a custom domain name with an SSL certificate configured on your Ant Media server.

UDP port range: 5000-65000

You will need this port range to be opened for WebRTC streaming.

TCP port range: 5000-65000

This port range is used if you’re running Ant Media Server in cluster mode. You will need to open these ports only in cluster mode, and only for the internal network. Please don’t open these ports to the public.

Opening Ant Media Ports using iptables Firewall

iptables is one of the most commonly used firewall tools and comes preinstalled in most Linux distributions. All you need to do is run the iptables commands that open the required Ant Media ports. Here is how we go about it:

Open TCP port 1935 for RTMP

Port 1935 is the standard port for RTMP.

sudo iptables -A INPUT -p tcp --dport 1935 -j ACCEPT

Open TCP port 5080 for HTTP Web Panel URL

To access the HTTP version of the Ant Media web panel URL, you need to open port 5080.

sudo iptables -A INPUT -p tcp --dport 5080 -j ACCEPT

Open TCP port 5443 for HTTPS Web Panel URL

If you’ve installed SSL on Ant Media, then you need to open port 5443.

sudo iptables -A INPUT -p tcp --dport 5443 -j ACCEPT

Open UDP port range: 5000-65000 necessary for WebRTC streaming

Ant Media advises opening the UDP port range 5000-65000 for WebRTC streaming.

sudo iptables -A INPUT -p udp -m udp --dport 5000:65000 -j ACCEPT

Ant Media Port Forwarding using iptables

Port forwarding is a technique used in networking to redirect network traffic from one IP address or port combination to another.

As noted above, Ant Media Server uses ports 5080 and 5443 for HTTP and HTTPS web panel access, while the standard HTTP and HTTPS ports are 80 and 443 respectively. This means that we need to implement port forwarding rules in the firewall, redirecting traffic from the default HTTP/HTTPS ports (80 and 443) to the Ant Media HTTP/HTTPS ports (5080 and 5443) used for web panel access. We can achieve this using iptables as shown below:

Forward HTTP traffic from the default port 80 to port 5080

HTTP traffic will be forwarded from the default HTTP port 80 to port 5080, which Ant Media Server requires.

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 5080

Forward HTTPS traffic from the default port 443 to port 5443

HTTPS traffic will be forwarded from port 443 to port 5443.

sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 5443

Saving the iptables firewall rules

When using iptables for firewall configurations, you will also need to install the iptables-persistent package that will ensure that the set firewall rules are reloaded in case the server unexpectedly reboots.

Download iptables-persistent package

We can install the iptables-persistent package by running the following command:

sudo apt-get install iptables-persistent

When the iptables-persistent package is installed, we need to use it to save the set iptables firewall rules using the following command:

sudo sh -c "iptables-save > /etc/iptables/rules.v4"
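Rules are matched in order and `-A` appends to the end of the chain, so on a server whose INPUT chain already ends in a DROP or REJECT rule the new ACCEPT rules never match, and a REDIRECT to 5080/5443 only works if INPUT accepts those ports. The script below is an added example, not part of the original article: it reads `iptables-save` output and reports required ports that are missing or shadowed, redirects that lead to a blocked port, and a TCP 5000-65000 rule open to any source. The sample dump and the 10.0.0.0/24 cluster subnet are constructed for illustration.

```shell
# Added example: audit an iptables-save dump against the Ant Media ports in this article.
audit_rules() {
  awk '
    function state(proto, lo, hi,   i, s) {   # "ok", "late" (after a DROP) or ""
      for (i = 1; i <= cnt; i++)
        if (P[i] == proto && LO[i] <= lo && HI[i] >= hi) { if (!SH[i]) return "ok"; s = "late" }
      return s
    }
    /^\*/ { table = substr($0, 2) }
    $1 != "-A" { next }
    { split("", o); for (i = 3; i < NF; i++) o[$i] = $(i + 1) }   # option -> value
    table == "nat" && o["-j"] == "REDIRECT" { redir[o["--dport"]] = o["--to-ports"]; next }
    table != "filter" || $2 != "INPUT" { next }
    $3 == "-j" && $4 ~ /^(DROP|REJECT)$/ { shadowed = 1; next }   # catch-all: later rules never match
    o["-j"] != "ACCEPT" || o["--dport"] == "" || o["-s"] != "" { next }   # keep public ACCEPTs only
    {
      n = split(o["--dport"], r, ":"); cnt++
      P[cnt] = o["-p"]; LO[cnt] = r[1] + 0; HI[cnt] = r[n] + 0; SH[cnt] = shadowed
      if (!shadowed && P[cnt] == "tcp" && LO[cnt] <= 5000 && HI[cnt] >= 65000)
        print "PUBLIC-CLUSTER tcp/" o["--dport"]
    }
    END {
      n = split("tcp/1935 tcp/5080 tcp/5443 udp/5000:65000", need, " ")
      for (j = 1; j <= n; j++) {
        m = split(need[j], a, "[/:]"); s = state(a[1], a[2] + 0, a[m] + 0)
        tag = (s == "late") ? "UNREACHABLE " : "MISSING "
        if (s != "ok") print tag need[j]
      }
      for (p in redir)
        if (state("tcp", redir[p] + 0, redir[p] + 0) != "ok")
          print "REDIRECT-BLOCKED " p "->" redir[p]
    }
  '
}
sample_dump() {   # constructed sample, not taken from a real server
  cat <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 5443
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 1935 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5080 -j ACCEPT
-A INPUT -s 10.0.0.0/24 -p tcp -m tcp --dport 5000:65000 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 5443 -j ACCEPT
-A INPUT -p udp -m udp --dport 5000:65000 -j ACCEPT
COMMIT
EOF
}
sample_dump | audit_rules
```

On a live server, feed it the real ruleset with `sudo iptables-save | audit_rules`; no output means none of these conditions were found.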

Opening Ant Media Ports using UFW Firewall

If you don’t know how to install UFW, please read this article to help you. Assuming you already have UFW Firewall installed and configured on your system, let’s use it to open the appropriate Ant Media ports as follows:

Open TCP port 1935 for RTMP

You can run the following command on your terminal to open the RTMP port using UFW Firewall:

sudo ufw allow 1935/tcp

Open TCP port 5080 for HTTP Web Panel URL

We can open port 5080 to allow us to access the unencrypted URL of the Ant Media web panel. Run the following command on your terminal:

sudo ufw allow 5080/tcp

Open TCP port 5443 for HTTPS Web Panel URL

This port is required if you’ve added a custom domain to your Ant Media server and then installed an SSL certificate on it. This means that you will be able to access your Ant Media web panel with the HTTPS version of your domain name. You can run the following command to open port 5443:

sudo ufw allow 5443/tcp

Open UDP port range 5000-65000 necessary for WebRTC streaming

To allow WebRTC, you can run the following UFW firewall command on your server terminal:

sudo ufw allow 5000:65000/udp

Can I implement port forwarding using UFW firewall?

UFW does not have direct support for port forwarding, as it focuses primarily on basic firewall functionality such as allowing or blocking incoming and outgoing connections based on predefined rules.

UFW provides an easy-to-use command-line interface so users can manage firewall rules without being overwhelmed by complex options.

And just to be clear, you can still achieve port forwarding functionality by combining UFW with other tools. This means that you can use tools like iptables directly to set up port forwarding rules alongside UFW.
