[asterisk-biz] 87.230.80.186 - Trying to register
Calleasy BsAS
sisint2005 at hotmail.com
Thu Jun 24 18:25:24 CDT 2010
I assume that we are talking about a PBX with only one network interface, or connected right to the public IP through one.
To deny all connections you just need to set the POLICY to DROP in iptables by typing this:
iptables -P INPUT DROP
To do this, you must be logged into a local terminal on the box that is running Asterisk,
because this denies any access !!!!
AFTER denying all, you need to enable access for the desired IPs:
iptables -I INPUT -s w.x.y.z -j ACCEPT    ( w.x.y.z = good ip )
You can also use a domain:
iptables -I INPUT -s my.sip.friend.domain.com -j ACCEPT    ( good domain )
This rule resolves the IP address using a DNS query when the rule is loaded, so if this IP changes after that ( i.e. the remote user has a service that assigns him a dynamic IP and has to reconnect his PC while using a DDNS service ), then iptables must be reloaded so it gets the new IP.
If you have more than one interface, you must tell iptables on which one it must accept connections:
iptables -I INPUT -i ethX -s w.x.y.z -j ACCEPT    ( w.x.y.z = good ip )
( ethX is the name of the interface that connects the PBX to the Internet )
You must also repeat this for each interface that will accept connections.
Simple, isn't it??
When you finish, you NEED to SAVE the rules that work fine, to reload them every time you want.
To save your config just type:
iptables-save > /folder-where-you-want-to-save-the-conf/my-config
To load the saved configuration at any time you need it:
iptables-restore < /folder-where-you-has-save-the-conf/my-config
Then, to execute this every time you restart the computer, you must include in rc.local ( placed in the /etc/rc.d folder ) THIS SENTENCE:
iptables-restore < /folder-where-you-has-save/my-config
OR you may also include the original commands for inserting the rules into iptables inside the rc.local file:
iptables -P INPUT DROP    ( to deny any access )
iptables -I INPUT -s w.x.y.z -j ACCEPT
iptables -I INPUT -s my.sip.friend.domain.com -j ACCEPT
Important note:
If you have a box with more than one network interface,
AFTER setting the POLICY to DENY ( DROP )
you must also include a rule to accept connections from your LAN:
iptables -I INPUT -i ethX -s m.l.n.o -j ACCEPT
where m.l.n.o is the IP of any station that must access the PBX from inside, or m.l.n.o/24 to accept from the whole network with a 24-bit netmask ( 255.255.255.0 ), to allow connections from the inside network...... be aware of this....
i.e. to accept all hosts from network 192.168.2.0 in your LAN connecting via eth1:
iptables -I INPUT -i eth1 -s 192.168.2.0/24 -j ACCEPT
I hope this can help...
Feel free to contact me off the list,,, so we avoid transforming this into an " iptables list" ..
Have good results!!!
Marcos
info at calleasy.com.ar
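The procedure above, as an added example (not part of Marcos' post): a small shell script that generates the same ruleset in iptables-restore format so it can be reviewed before loading, instead of typing -I rules one by one. It assumes a WAN interface eth0 (the "ethX" of the post), a LAN interface eth1 with the 192.168.2.0/24 network from the post, and a constructed peer list; it also adds loopback and ESTABLISHED,RELATED rules, which the post does not mention but which keep the PBX's own outbound registrations and DNS lookups working under an INPUT DROP policy. Nothing in the script touches iptables itself.

```shell
#!/bin/sh
# Added example, not from the original post. Builds an iptables-restore
# file for an Asterisk box: default DROP on INPUT, explicit ACCEPT rules
# for the LAN and for known SIP peers. Addresses below are constructed.

WAN_IF="eth0"              # interface facing the Internet ("ethX" in the post)
LAN_IF="eth1"              # interface facing the LAN
LAN_NET="192.168.2.0/24"   # LAN allowed to reach the PBX (from the post)
# Constructed peer list: one literal IP (documentation range) and one
# placeholder hostname. Hostnames are resolved once, at load time, so a
# peer on a dynamic IP needs the ruleset reloaded when its address changes.
SIP_PEERS="203.0.113.5 my.sip.friend.domain.com"

# build_ruleset prints the complete ruleset. With iptables-restore the chain
# policy (:INPUT DROP) and the ACCEPT rules are applied atomically, so there
# is no window where the box is unreachable between "-P DROP" and the inserts.
build_ruleset() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # loopback and replies to connections the PBX itself opened
    # (outbound SIP registrations, DNS, NTP); not in the original post
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # the LAN rule the post's "important note" asks for
    printf '%s\n' "-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT"
    # one rule per trusted SIP peer, bound to the Internet-facing interface
    for peer in $SIP_PEERS; do
        printf '%s\n' "-A INPUT -i $WAN_IF -s $peer -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# count_accept_rules returns the number of explicit ACCEPT rules generated,
# a quick sanity check before loading (expect LAN + peers + 2 here).
count_accept_rules() {
    build_ruleset | grep -c -- '-j ACCEPT'
}

# Review the output, then load it from a local console with:
#   build_ruleset | iptables-restore
build_ruleset
```

Save the generated file with iptables-save afterwards, exactly as the post describes, so the same ruleset is restored from rc.local on reboot.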