[Asterisk-Users] Re: Open Ports

Tom Ivar Helbekkmo tih at eunetnorge.no
Sat Dec 18 06:43:56 MST 2004


Antony Stone <Antony.Stone at Asterisk.Open.Source.IT> writes:

>> My home firewall allows my Asterisk PBX to send any UDP traffic to
>> anyone, and keeps state, so they can answer.  It also specifically
>> allows anyone to connect to UDP port 5060 on the PBX.
>
> Interesting.  Does that allow other people to call you (first packets are
> inbound) as well as you calling other people (first packets are outbound)?

Yup.  Incoming call establishment needs to reach UDP port 5060 here,
which is allowed.

> I guess the first few packets from them to you might get dropped
> because they don't match an "established" outbound connection, but
> as soon as you start sending packets to them, your firewall will
> allow two-way flow...

That's the trick, yes.  It works because RTP streams look as if they
are bidirectional, so as soon as the first outgoing packet has been
transmitted, the incoming stream is permitted.

> Have you done this using netfilter?

I run NetBSD, which comes with IP Filter in it, so that's what I use.
(See <http://coombs.anu.edu.au/~avalon/ip-filter.html>.)  Any firewall
should be able to do this properly, though.

-tih
-- 
Tom Ivar Helbekkmo, Senior System Administrator, EUnet Norway Hosting
www.eunet.no  T +47-22092958 M +47-93013940 F +47-22092901 FWD 484145
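
The packet flow discussed in this message, as an added example that is not part of the original post and is not IP Filter code: a minimal Python model of a stateful UDP filter with the two rules described (the PBX may send any UDP and state is kept; anyone may reach UDP port 5060 on the PBX). The addresses, the RTP port numbers and the class and function names are constructed for illustration, and state timeouts are not modelled.

```python
# Minimal model of a stateful UDP filter (added illustration, not IP Filter itself).
# All addresses and port numbers are constructed sample values.
PBX = "192.0.2.10"
SIP_PORT = 5060

class StatefulUdpFilter:
    def __init__(self, pbx, open_ports):
        self.pbx = pbx
        self.open_ports = set(open_ports)
        self.states = set()  # entries: (local_ip, local_port, remote_ip, remote_port)

    def outbound(self, src, sport, dst, dport):
        """The PBX may send any UDP; each outgoing flow creates a state entry."""
        if src != self.pbx:
            return "block"
        self.states.add((src, sport, dst, dport))
        return "pass"

    def inbound(self, src, sport, dst, dport):
        """Pass packets that match existing state, or new flows to an open port."""
        if (dst, dport, src, sport) in self.states:
            return "pass (state)"
        if dst == self.pbx and dport in self.open_ports:
            self.states.add((dst, dport, src, sport))
            return "pass (rule)"
        return "block"

def simulate_incoming_call():
    fw = StatefulUdpFilter(PBX, [SIP_PORT])
    peer = "198.51.100.7"
    log = []
    # 1. The caller's SIP request reaches the explicitly opened port 5060.
    log.append(fw.inbound(peer, 5060, PBX, SIP_PORT))
    # 2. The caller's RTP arrives before the PBX has sent any: no state yet.
    log.append(fw.inbound(peer, 16384, PBX, 10000))
    # 3. The PBX sends its first RTP packet, which creates the state entry.
    log.append(fw.outbound(PBX, 10000, peer, 16384))
    # 4. RTP from the same remote address and port now matches that state.
    log.append(fw.inbound(peer, 16384, PBX, 10000))
    # 5. RTP sent from a different source port does not match the state.
    log.append(fw.inbound(peer, 16386, PBX, 10000))
    # 6. An unrelated host sending to the RTP port is still blocked.
    log.append(fw.inbound("203.0.113.99", 40000, PBX, 10000))
    return log

if __name__ == "__main__":
    for step, verdict in enumerate(simulate_incoming_call(), 1):
        print(step, verdict)
```

Step 5 shows the condition this setup depends on: the remote end has to send its RTP from the same address and port that it receives on, otherwise the incoming stream does not look like the reverse direction of the outgoing one.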


