[asterisk-users] Asterisk & Pix firewalls

Yossi Ben Hagai yossibh at gmail.com
Tue Apr 24 21:54:59 MST 2007


I second that. the PIX has SIP fixup which allows RTP traffic to pass
dynamically based on SDP information, so you don't need to create a rule for
the RTP range - just allow SIP UDP 5060.

On 4/25/07, Tzafrir Cohen <tzafrir.cohen at xorcom.com> wrote:
>
> On Tue, Apr 24, 2007 at 11:04:53PM -0400, Lee Jenkins wrote:
> > Noah Miller wrote:
>
> > >SIP:
> > >TCP and UDP port 5060 (signalling) - can be changed in sip.conf
> > >UDP ports 10000-20000 (RTP stream) - can be changed in rtp.conf
> > >
>
> Yes. See rtp.conf (at least on your side).
>
> Also, if the firewall understands SIP, it may be smart enough to open
> the ports for the relevant RTP ports upon the beginning of a SIP
> session. So consider trying not to open any port for RTP.
>
> --
>               Tzafrir Cohen
> icq#16849755                    jabber:tzafrir at jabber.org
> +972-50-7952406           mailto:tzafrir.cohen at xorcom.com
> http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20070424/9455edec/attachment.htm


More information about the asterisk-users mailing list