[asterisk-users] Dead Air on PF firewall
NOC ph
nocph at aol.com
Sun Mar 9 18:00:17 CDT 2008
Hi All,
I have an Asterisk box on my DMZ, and I'm using PF for my firewall. I
can make a call, but for some reason I have dead air.
Any ideas? Below are my rules...
ext_if = "bce0"
int_if = "bce1"
altitude = "172.16.1.0/24"
#### machines ####
vbox = "172.16.1.1"
uci = "172.16.1.4"
voices = "203.172.x.1"
ipc = "203.172.x.2"
#### default deny ####
set block-policy return
set loginterface $ext_if
set skip on lo
scrub in
#### nat ####
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat on $ext_if inet proto { udp tcp } from $vbox to any port 5060 -> $ext_if port 5060
nat on $ext_if inet proto tcp from $uci to any port 1500 -> $ext_if port 1500
rdr on $ext_if proto { udp tcp } from any to $ext_if port 5060 -> $vbox port 5060
rdr on $ext_if proto udp from any to $ext_if port 5100 -> $vbox port 5100
#### filtering section ####
pass out on { $int_if, $ext_if } inet proto { udp tcp } from $altitude to any
pass in on $ext_if inet proto { tcp udp } from $ipc to any port 5060
pass in on $ext_if inet proto tcp from $ipc to any port 1500 flags S/SA keep state
pass in on bce0 proto tcp from $ipc to any port ssh flags S/SA keep state
pass in inet proto icmp all icmp-type echoreq keep state
pass in quick on bce1