Reloading firewalld or restarting FreedomBox will fix this issue. We have a proper fix for this issue in upcoming release 20.9 so reload/restart won’t be necessary.
Looks like I forgot this FreedomBox default configuration. I intended to add it. Created an issue for this: coturn: Add verbose flag to configuration file (#1850) · Issues · FreedomBox / FreedomBox · GitLab
Yes, that port range is needed as well. These port will be used if STUN fails and TURN is selected. TrickleICE can detect this problem as I think it does not do actual relaying during the test. But call will fail.
To overcome 255 port as max range, add 3 more rules.
5349 is the actual port for TLS (TCP) and DTLS (UDP) communication. However, the same service is provided on 3478 port as well apart from unencrypted traffic (encryption is used based on how incoming requests are).