The instructions for configuring a jitsi-meet server that is behind NAT suggest that the ports 4443 and 10000 should be forwarded to it (besides 443): https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md#advanced-configuration

However while testing I have noticed that everything seems to be working fine even when port 10000 is not forwarded. Also the network description does mention the port 10000: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md#network-description

Am I missing something? What is the port 10000 needed for?

Port 10000 udp is used for media. Are you testing with 2 or 3 participants? 2 by default are in p2p.

I have tested with 2 participants (my laptop and my phone). Most probably I have not been testing it properly.

Just open 3 tabs on your desktop using same url.

hi damencho, I fellow quick install operation in my Aliyun VPS , now when the participants more than 3 it broke. I can’t see other participant’s video.there are some warnings

image.png1903×646 103 KB

i execute ifconfig see this

image.png820×292 10.2 KB

my vps public IP is 120.79.168.244 then I edit /etc/jitsi/videobridge/sip-communicator.properties add these lines

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=172.17.30.233
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=120.79.168.244

and restart vps . but the problem happen as before.
how to solve this? hope you can give me some advise.thanks.

Please do not hijack other threads that are on different subject.

Check your prosody and jicofo logs. I see other errors when accessing your deployment, like:
UnhandledError: null Script: null Line: null Column: null StackTrace: Error: Feature discovery error: null

@Kimipoker I tested again and it seems to me you are just missing the port forwarding. Make sure on your VPS console you forward the ports from the public ip to the VM.
It can be also a firewall running on the VM blocking the ports.

sorry for that. i will check . thanks

I can confirm that without forwarding the port 10000 it does not work. I don’t know why it seemed like working previously.

Hello guys,

I’ve a question. Why 10000 Port needs to open when behide a firewall? I scan meet.jit.si and not see this port. In my internal network I can see guest camera stream, but when I access my jitsi server from external network I can’t see them. What’s wrong?

Thanks advance!

nmap -PN --dns-servers 8.8.4.4 meet.jit.si

Starting Nmap 7.01 ( https://nmap.org ) at 2019-10-14 09:14 -03
Nmap scan report for meet.jit.si (52.67.86.114)
Host is up (0.035s latency).
Other addresses for meet.jit.si (not scanned): 54.207.114.82 2600:1f1e:c1a:5001:fcab:45b9:30b8:280e 2600:1f1e:c1a:5002:e65b:c69c:eb60:d385
rDNS record for 52.67.86.114: ec2-52-67-86-114.sa-east-1.compute.amazonaws.com
Not shown: 994 filtered ports
PORT STATE SERVICE
80/tcp open http
113/tcp closed ident
443/tcp open https
5060/tcp open sip
8008/tcp open http
8010/tcp closed xmpp

Port 10000 udp is where clients communicate with jvb, if you don’t allow this and haven’t done the port forwarding the clients cannot send to jvb and so nothing will be received.

You are scanning the wrong thing, you need to find one of the jvb instances which is used in your geo region and scan that meet.jit.si is complex and not just a single machine and ip-address most probably you are scanning just one of the load balancers fronting the service …

You need to open/forward needed ports and set public and private address of the bridge as said here: https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md#advanced-configuration

Thanks @damencho I’ll check my settings again.

It’s nop posible to change these port 10000 to other ?

yes it’s possible, add the below line:
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=YourNewPort

to:
/etc/jitsi/videobridge/sip-communicator.properties

Thanks, thats the line that I need to put to work behiend a NAT

Hi, what happend with multiple videobridges2 servers and NAT port forwarding UDP 10000 ? Need diferent forward for each one , or jicofo manage this ?

If you have multiple public IPs just forward port 10000/UDP from each public IP to videobridges private IPs. In case you only have one public IP you can configure the videobridges to use different ports and forward each port to each videobridge private IP.
As @Yassine said you can configure the videobridge’s listening port adding org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=YourNewPort to /etc/jitsi/videobridge/sip-communicator.properties

In addition to assigning a port to each JVB, it is necessary to indicate in each one of them public and private IP or only in one ???

Example:

JVB1:
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=10000 (JVB Port)
org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=10.x.x.10 (node private IP)
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=89.x.x.10 (same public IP)

JVB 2:
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=10001 (JVB Port)
org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=10.x.x.11 (node private IP)
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=89.x.x.10 (same public IP)

JVB 3:
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=10002 (JVB Port)
org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=10.x.x.13 (node private IP)
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=89.x.x.10 (same public IP)

it is right?

No need to add NAT_HARVESTER_... lines if there is a valid org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES line and your clients are remote (not in the same network with JVB)

I’m not even sure this matters, actually.