[Asterisk-Users] Re: IPTABLES Firewall

Matt mhoppes at gmail.com
Wed Apr 6 07:35:43 MST 2005


Ahh ok so that's the FROM port... got it... makes sense.. and yes that
rule seems to be working.. thanks

On Apr 6, 2005 10:18 AM, CuPoTKa <cupotka at gamcall.co.il> wrote:
> 
> 
> Matt wrote:
> > I'll elaborate slightly more... the wiki says:
> >
> > # SIP on UDP port 5060. Other SIP servers may need TCP port 5060 as well
> > iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
> > # IAX2- the IAX protocol
> > iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT
> > # IAX - most have switched to IAX v2, or ought to
> > iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT
> > # RTP - the media stream
> > iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
> > # MGCP - if you use media gateway control protocol in your configuration
> > iptables -A INPUT -p udp -m udp --dport 2727 -j ACCEPT
> >
> >
> > However.. I've seen phones connect on what appears to be ports OTHER
> > than 5060.. example:
> > 301/301          (Unspecified)    D          255.255.255.255  0        Unmonitored
> > 300/300          (Unspecified)    D          255.255.255.255  0        Unmonitored
> > 204/204          65.173.xx.xx     D          255.255.255.255  5060     Unmonitored
> > 203/203          (Unspecified)    D          255.255.255.255  0        Unmonitored
> > 202/202          63.174.xx.xx     D          255.255.255.255  5060     Unmonitored
> > 201/201          65.173.xx.xx     D          255.255.255.255  18515    Unmonitored
> > 200/200          (Unspecified)    D          255.255.255.255  0        Unmonitored
> >
> >
> > So like extension 201 which is on 18515... is that going to still work?
> 
> They connect from port 18515 (or any port) to asterisk port 5060, so
> this rule
> iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
> is still OK
>
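
The source-port versus destination-port point from the reply above, as an added example that is not part of the original thread: a simplified Python model of how the quoted wiki rules match a packet (it is not iptables itself). The default DROP policy, the helper names and the `--sport` rule used for contrast are assumptions for illustration.

```python
import shlex

# The wiki rules quoted in the thread.
RULES = [
    "iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT",
    "iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT",
    "iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT",
    "iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT",
    "iptables -A INPUT -p udp -m udp --dport 2727 -j ACCEPT",
]
OPTS = {"-p": "proto", "--sport": "sport", "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Pull protocol, port ranges and target out of one rule line."""
    tok = shlex.split(line)
    rule = dict.fromkeys(OPTS.values())
    for i, t in enumerate(tok[:-1]):
        if t in OPTS:
            rule[OPTS[t]] = tok[i + 1]
    for key in ("sport", "dport"):
        if rule[key] is not None:
            lo, _, hi = rule[key].partition(":")   # "5060" or "10000:20000"
            rule[key] = (int(lo), int(hi or lo))
    return rule

def matches(rule, proto, sport, dport):
    """True if the packet satisfies every condition the rule states."""
    if rule["proto"] and rule["proto"] != proto:
        return False
    for key, port in (("sport", sport), ("dport", dport)):
        rng = rule[key]
        if rng and not rng[0] <= port <= rng[1]:
            return False
    return True

def verdict(rules, proto, sport, dport, policy="DROP"):
    """First matching rule wins; otherwise the chain policy (assumed DROP)."""
    for r in rules:
        if matches(r, proto, sport, dport):
            return r["target"]
    return policy

PARSED = [parse_rule(r) for r in RULES]
# Hypothetical rule that filters on the sender's port instead (for contrast).
SPORT_RULE = [parse_rule("iptables -A INPUT -p udp -m udp --sport 5060 -j ACCEPT")]

if __name__ == "__main__":
    # Extension 201 registers from source port 18515 to Asterisk's port 5060.
    print("wiki rules :", verdict(PARSED, "udp", 18515, 5060))
    print("--sport 5060:", verdict(SPORT_RULE, "udp", 18515, 5060))
```

The port column in the peer listing is the phone's source port, which `--dport` never inspects, so extension 201 is accepted by the wiki rules and would only be dropped by a rule written against `--sport`.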


