[Asterisk-Users] Re: IPTABLES Firewall

Matt mhoppes at gmail.com
Wed Apr 6 06:36:04 MST 2005


I'll elaborate slightly more... the wiki says:

# SIP on UDP port 5060. Other SIP servers may need TCP port 5060 as well
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
# IAX2- the IAX protocol
iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT
# IAX - most have switched to IAX v2, or ought to
iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT
# RTP - the media stream
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
# MGCP - if you use media gateway control protocol in your configuration
iptables -A INPUT -p udp -m udp --dport 2727 -j ACCEPT 


However.. I've seen phones connect on what appears to be ports OTHER
than 5060.. example:
301/301          (Unspecified)    D          255.255.255.255  0        Unmonitored
300/300          (Unspecified)    D          255.255.255.255  0        Unmonitored
204/204          65.173.xx.xx     D          255.255.255.255  5060     Unmonitored
203/203          (Unspecified)    D          255.255.255.255  0        Unmonitored
202/202          63.174.xx.xx     D          255.255.255.255  5060     Unmonitored
201/201          65.173.xx.xx     D          255.255.255.255  18515    Unmonitored
200/200          (Unspecified)    D          255.255.255.255  0        Unmonitored


So like extension 201 which is on 18515... is that going to still work?


