Snowflake standalone proxy: Port range considerations


I’m currently running a standalone Snowflake proxy in a docker container I’ve built to include the option to configure the ICE ephemeral ports range setting CLI parameter to have some control over the ports it uses so that I can configure my firewall/NAT not to restrict the proxy.

I’m currently using a range of 1000 UDP ports and based on the logs, it’s working so far (NAT type is unrestricted), with approx. 70 connections per hour, but I’ve been wondering if I can restrict the number of ports the proxy uses further without negatively impacting its performance.

To my understanding, those ports are used to establish the WebRTC connection to the Snowflake clients, so I’m assuming that the number of ports affects the number of simultaneous connections my proxy can handle. Is that correct?
Are there other points to consider (e.g., making it easier to block the connections to the proxy using those ports)?

Use command line proxy -h ; it will show commands options where you could try

./proxy -capacity 100

To clarify: I‘m not looking to restrict the number of clients my proxy can serve. Quite the opposite: I‘m trying to make sure that my configuration does not negatively impact or somehow restrict performance.

My goal is to have my proxy not restricted by NAT while still keeping my network as secure as possible. With the default configuration, I‘d have to punch a hole into my firewall that ranges roughly somewhere from UDP ports 30000-65000, which I really want to avoid. I‘m now wondering how small I could make that range (using the CLI option I linked above, which works like a charm) without negatively impacting my proxy.

Yes. That is correct.

1 Like