Firewall Ports

Having trouble placing or receiving calls or using your voicemail system on Ooma Telo VoIP Phones? Post your questions here.
Post Reply
kludge
Posts:3
Joined:Sat Mar 06, 2021 8:01 am
Firewall Ports

Post by kludge » Sat Mar 06, 2021 8:12 am

Hello,

I configured my firewall to allow the local ports called out on this support page:
https://support.ooma.com/home/advanced- ... ice-ports/

That page specifies UDP port range 49000 - 50000, however I'm seeing incoming UDP packets destined for port 44624 from Ooma IP addresses which my firewall is dropping because it is outside of the specified range. Nowhere on the list is port 44624 called out. I have a few questions based on this behavior.
- Does that support page need updating?
- If so, what is the actual UDP port range?
- If not, why are Ooma IP's sending packets to the incorrect port?

FYI I'm using Ooma Telo (residential) and I have the older, first version of the Telo if that matters.

Thanks!

murphy
Posts:7554
Joined:Tue Jan 27, 2009 12:49 pm
Location:Pennsylvania

Re: Firewall Ports

Post by murphy » Sat Mar 06, 2021 1:08 pm

That is an ancient document. The last paragraph indicates it was written for the original HUB which preceded the Telo.
The Hub allowed the integration of a landline into the system. The Telo does not support that.

You don't need to block incoming ports. If a receiver has not been activated for an inbound port then any traffic sent to that port will be ignored.
Customer since January 2009
Telo with 2 Handsets, a Linx, and a Safety Phone
Telo2 with 2 Handsets and a Linx

kludge
Posts:3
Joined:Sat Mar 06, 2021 8:01 am

Re: Firewall Ports

Post by kludge » Sat Mar 06, 2021 2:59 pm

Thanks for the response.

All firewalls I know of block ports by default and ask you to open them as needed. Based on that, the ports are already blocked.

I think you're saying that no ports need to be opened for the Ooma Telo. I'm still curious why Ooma is sending me UDP packets. I guess that will go unanswered.

murphy
Posts:7554
Joined:Tue Jan 27, 2009 12:49 pm
Location:Pennsylvania

Re: Firewall Ports

Post by murphy » Sat Mar 06, 2021 4:30 pm

All of the audio is encapsulated in UDP packets. TCP doesn't work for audio because TCP does retries to guarantee all packets get through. That would sound absolutely horrible. A dropped UDP packet is unlikely to be detectable in an audio stream.

Most businesses block outgoing ports to prevent their employees from visiting non-business websites.

There is no reason to block incoming ports. If a program isn't waiting for data on a port, it is by definition blocked. Anything coming in on a port that doesn't have a program waiting to process it goes no where.

When a program requests data from a server it tells the server what port to respond to. It then opens that port and waits for the response. When the response is received it closes the port.
Customer since January 2009
Telo with 2 Handsets, a Linx, and a Safety Phone
Telo2 with 2 Handsets and a Linx

kludge
Posts:3
Joined:Sat Mar 06, 2021 8:01 am

Re: Firewall Ports

Post by kludge » Sat Mar 06, 2021 5:08 pm

For whatever reason the thread has been hijacked. I'm just asking about what ports Ooma needs open and not a Networking 101 class.

Your point about packets dropping if nothing is listening is valid but that also assumes the following:
- No servers are running and listening on any ports
- No nefarious activity where port scanners are looking for any opportunity to exercise a vulnerability

I'm not sure I'd want anyone posting on my forums telling people to leave all ports open. That is very scary and a huge liability in our litigious society.

I run servers on my LAN and I definitely don't want all ports open to the Internet. Most of the servers are intended for internal use and I am not the type to invite trouble. Based on that, I definitely lock down all ports unless they need to be open. I think you're playing with fire if you leave ports open but it is your call.

Post Reply