The üorts page allows you to control which networking resources the system will utilize when communicating with the outside IP world. When specifying ports, list the ports that you may bind to, either specifying a port number or explicitly specifying the IP address and the port, separated by a colon (e.g., 192.168.1.2:8080
). If you are binding to IPv6 addresses, you must put a square bracket around the IP address (e.g.,[2001:db8::4]:5060
). If you are only specifying the port number, the system will bind to all IPv4 and IPv6 addresses on the system. If you want to bind only to IPv4 sockets, use the form 0.0.0.0:5060
. If you want to bind only to IPv6 sockets, you can use [::]:5060
. In general, you may bind to more than one socket; just separate the addresses by spaces. If you do not want to use the service, leave the field empty. If you change a port binding, you will need to restart the Vodia PBX service. We support the default SIP port.
HTTP
These settings are located within Admin > Settings > Ports . The HTTP and HTTPS ports are used to communicate between the built-in web server and the web browser (the Vodia PBX does not rely on IIS or Apache for its web interface). The HTTP port is used for insecure, but lightweight, communication. The HTTPS port is used for secure, but a bit more expensive, communication. If you cannot reach the system on any port, change the ip_http_port
and ip_ https_port
parameters in the global configuration file (the defaults are shown below). If you are running another service on your host or if you want to gain some additional security, you may change these ports to any other available port. The system will fail to start if it cannot bind to the port.
- HTTP Ports: The list of ports that the PBX shall set up for insecure web communications (seperated by space). The default HTTP port is 80.
- HTTPS Port: The list of ports that the PBX shall set up for secure web communications (seperated by space). The default HTTPS port is 443.
- Redirect to HTTPS: In order to make sure that users use the secure HTTPS protocol, the PBX may ask the browser to switch to the secure protocol and provisions devices to use a secure connection. This works only if there is at least one HTTP socket available and accessible to the browser.
- Automatic: The system will decide automatically which is the default. The current algorithm is to check if the domain name in question is a FQDN and there is a certificate available for that domain or a certificate for the system management address, e.g. by using the ACME robot for requesting certificates.
- Off: This mode will disable the redirection.
- On: This mode will force to use HTTPS without futher checking if there is a valid certificate or FQDN.
- Use DNS names: This setting controls if the PBX should provision DNS names instead of IP addresses for provisioning phones and when creating links that point to the PBX. In automatic mode, the system will check if the domain name is a FQDN and then use that address when possible.
SNMP
The Simple Network Monitoring Protocol (SNMP) is used to poll the system for information. The PBX supports only version 1 of the SNMP protocol based on UDP. The following settings are available:
- SNMP Port: The SNMP port setting defines the ports on which the system will listen for SNMP requests. The list must be separated by space and may include the IP address that the socket will be bound to. By default, the port is 161.
- SNMP Trusted Addresses: This field lists the IP addresses that may send SNMP requests. The list is separated by space. If this setting is empty, the system will not accept any SNMP requests. Whenever a request is rejected, the system writes a log message. IPv4 and IPv6 addresses can be mixed. The PBX does not check the port numbers where the request comes from. This field does not support DNS addresses.
- SNMP Community: An SNMP community is the group to which devices and management stations running SNMP belong. If you would like to change the community, you can do so from the web interface. It does not require a restart of the service. SNMP default communities are private (write) and public (read). The system, by default, is set to "public".
- Syslog Port: The system can collect debugging information from VoIP phones using the syslog protocol (see the extension settings). The setting set the port that used on the PBX for collecting the information.
- Number of syslog entries: When syslog is enabled on a device, this setting controls how many entries are kept in memory.
The available SNMP sensors are available on a seperate page .
TFTP
The TFTP ports are used for provisioning purposes. Some SIP devices still use TFTP for automatic configuration, though most devices today use HTTP or HTTPS. On cloud installations it it recommded to delete the TFTP port because in thsoe environments TFTP will not work because of the NAT problems with TFTP.
- TFTP Port: The TFTP (Trivial File Transfer Protocol) port is on port 69 by default. If your machine has multiple network interface controllers (NICs), you may specify the IP address port to bind only to that port.
- Allow TFTP Write: Some devices write log files using TFTP, and this can be enabled with this feature; however, this feature makes it possible for users to write files that affect other devices, and this may introduce system instability and security concerns. Per the example above, you can also bind to a private IP address, which will make it more secure.
FTP
Like with TFTP, there are some devices that require FTP to retrieve the configuration from the PBX. For example it is required for zero-touch Polycom device provisioning in the LAN. Like with the TFTP port it is recommended to close this port unless you need it, especially when operating the PBX on a public IP address.
- FTP Port: The FTP (File Transfer Protocol) port is on port 21 by default. If your machine has multiple network interface controllers (NICs), you may specify the IP address port to bind only to that port.
NTP
When provisioning phones, the PBX must tell the phone where they can get their time from. The PBX includes a simple NTP server that can be used for this purpose; but the PBX can also provision the address of an external server. When using a local NTP server you need to make sure that the local PBX server has the correct time.
- NTP Port: The port for the internal NTP server. By default, NTP uses port 123. If the setting is empty, the PBX will not open a NTP port and provision the address of the NTP server.
- NTP Server: This setting contains the address of an external NTP server that should be provisioned. This can be a numeric IP address, but it can also be a DNS address.
LDAP
Many VoIP phones use the LDAP protocol to access the PBX address book. The PBX has a built-in LDAP server. The PBX will automatically provision those phones that use the ldap with the right address for accessing the LDAP server. Because there are many scanners searching for vulnerable Windows server LDAP ports, the default port setting for LDAP is a non-standard port. This is important if you manually set up LDAP.
- LDAP Port (TCP, StartTLS): The port for the unencrypted LDAP server. As with the HTTP ports, you may specify multiple ports and bind to IPv4 and IPv6 addresses. The PBX supports the StartTLS command for LDAP, so that phones can start using the insecure LDAP and then switch protocols to TLS.
- LDAP Port (TLS): Those devices that start with encrypted LDAP right from the beginning can use that port.
TCP Ports
- Maximum number of HTTP connections per second: The PBX limits the number of connections that it accepts per second. This ensures that the PBX does not get flooded with too many HTTP or HTTPS requests, which might consume too much CPU and memory resources for a stable PBX operations. This setting controls how many of those connected are accepted per second.
- Maximum number of HTTP connections (total): Similar to the previous setting, the PBX also limits the absolute number of HTTP connections that is may keep open at a time. Again, this is to make sure that the PBX does not run out of resources.