Jitsi Meet from a private network

@damencho @Boris_Grozev
I need some help.
I know we need to enable UDP PORT 10000 on JITSI MEET Videobridge on the server.

But my question is, what PORT do I need to allow on my local system which is using a strict firewall in a private network?

Without a firewall, my ports are randomly opening which are like 50000, 40250, 62500 etc, and every time I open a new tab, a new port opens in.

But I don’t know what will happen in case of accessing JITSI Meet installation from a PRIVATE network?

What PORT do we need to allow in client’s firewall so that we can run Jitsi meet conference using Chrome?
How are UDP ports opened in client’s system? Does Chrome open this automatically from available OPEN UDP PORTS?

Please help, I am confused.

Also, to access Google Meet, they ask users to allow ports from 19000-19010.

What PORTs do we need to allow on Client’s firewall to connect with Jitsi meet server?

You don’t need to allow incoming UDP ports on the client side.

You should allow outgoing UDP/10000. Since the server always uses the same port, there is no need to allow a UDP range, only outgoing UDP/10000 on the client side.

What if there are 1000 connections in a firewall network and all clients are doing conference from same port?

The firewall manages the traffic using the (IP, port, protocol) group. There may be many clients in your network using the same port since their IPs are not the same.

Thanks, understood.
What if UDP Ports are blocked by a firewall setting?

As per my research, WebRTC allocates a random UDP port for a media transfer, but if UDP ports are blocked by firewall, what will happen?

If the firewall blocks the clients from connecting to a remote UDP port or blocks the UDP traffic completely, you will need a TURN server which relays the UDP packets through an allowed channel (mostly TCP/443).

Thanks,

I have the option to allow UDP Ports.
So if I allow PORT range 10000-10010, that is 10 PORTS, will WebRTC choose a random PORT among these 10 available PORTS?

Thanks again for clearing my doubts.

You only need to allow the exact destination port. If you have one Jitsi server and it uses UDP/10000 for videobridge traffic, allow only the outgoing UDP/10000.

Got it,
So, the video bridge on the server allows UDP/10000.
And on the client’s firewall, which will use Chrome for conferencing, we have to allow PORT UDP/10000.

Will it be better if I allow all PORTS from 10000 to 10010?

Are you talking about allowing the outgoing traffic or the incoming traffic?

Since you don’t have a service which listens on a UDP port in your network, you don’t need to allow any UDP port for incoming traffic.

If you have no remote server which uses anything other than UDP/10000, allow only outgoing UDP/10000 traffic on the client side firewall.

For a video conference, Jitsi Video bridge will send Media using PORT 10000.
On client side, the browser too will send media to video bridge using UDP Ports.

So my question is, if there are only a few ports open, will WebRTC open any available PORT?

Right now on a public network, the PORT allocation is completely random.

So, the client also needs to allow a UDP port for outgoing traffic and I need to know which PORT or range I should allow.

Outgoing UDP/10000

Thank you
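
The rule discussed in this thread, as an added example that is not part of the original posts and is not Jitsi or firewall-vendor code: a toy stateful egress filter that matches only the destination port, so the browser's random source ports never need a rule, and replies from the videobridge are accepted through connection tracking. The addresses, the `StatefulFirewall` class and the `demo` function are constructed for illustration; NAT and flow timeouts are left out.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

JVB = "203.0.113.10"              # constructed videobridge address (documentation range)
EGRESS_ALLOW = {("udp", 10000)}   # the only rule: outgoing UDP to destination port 10000

class StatefulFirewall:
    def __init__(self, allow):
        self.allow = allow
        self.flows = set()        # connection-tracking table of accepted outbound flows

    def outbound(self, p):
        # Only protocol and DESTINATION port are matched; the source port is ignored.
        if (p.proto, p.dst_port) in self.allow:
            self.flows.add(p)
            return "accept"
        return "drop"

    def inbound(self, p):
        # A reply is a tracked flow with source and destination swapped.
        reverse = Packet(p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        return "accept" if reverse in self.flows else "drop"

def demo():
    fw = StatefulFirewall(EGRESS_ALLOW)
    # Constructed clients: different IPs and browser-chosen ephemeral source ports.
    clients = [("10.0.0.5", 50000), ("10.0.0.6", 40250), ("10.0.0.6", 62500)]
    out = [fw.outbound(Packet("udp", ip, sp, JVB, 10000)) for ip, sp in clients]
    # The videobridge answers from port 10000 to each client's ephemeral port.
    back = [fw.inbound(Packet("udp", JVB, 10000, ip, sp)) for ip, sp in clients]
    # Inbound UDP to a client port that never opened a flow: no incoming rule exists.
    unsolicited = fw.inbound(Packet("udp", "198.51.100.7", 10000, "10.0.0.5", 50001))
    # Outbound UDP to another destination port is not covered by the single rule.
    other = fw.outbound(Packet("udp", "10.0.0.5", 50002, JVB, 10005))
    return {"media_out": out, "media_back": back,
            "unsolicited": unsolicited, "other_port": other}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```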