[asterisk-users] "remote" SIP, no audio, or one way audio.
J. Oquendo
sil at infiltrated.net
Thu Apr 5 03:47:56 MST 2007
Joe Acquisto wrote:
>
>
> Thanks. And this might go where, in rc.d/rc.firewall.local ?
>
> But I don't get it. Isn't this redundant? Since I have port forwarding
> already. . .?
>
> joe a.
>
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
What this is doing is allowing unfettered access between your PBX and
phones. Too many people forget that a VoIP transaction consists of more
than just opening up ports 5060 and 5061. This are used for
registration/administration, etc., in the case of one way audio, or
audio for any matter, this is carried out by RTP on separate ports which
will never be the same port unless you have it specified.
Summarized: NAT + VoIP = nightmare
If at all doable, segment your phones out to a DMZ with VLANs,
constructive routing, and ACL's to avoid leveraged security incidents
via those phones being opened.
http://www.voip-info.org/wiki/index.php?page=RTP+Symmetric
http://www.voip-info.org/wiki/view/NAT+and+VOIP
--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government.
John Adams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5157 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20070405/f0fa411f/smime.bin
More information about the asterisk-users
mailing list