[asterisk-users] strange issue with iptables + Asterisk

Ernesto Ongaro ernesto at etszone.com
Fri Feb 5 17:07:27 CST 2010


Hi all,

I'm having a strange issue, wanted to see if anyone had any suggestions.

Due to the recent spike in VoIP-related hacking attempts I decided to
tighten security by writing iptables scripts to only allow traffic to my
servers which is white-listed. Since then I've had an issue under
certain circumstances.

I have two boxes (gateway) + (end-point), both running Asterisk 1.4.29
and connecting to each other via IAX2. They are able to call each other
just fine. The (gateway) box connects to providers for access to PSTN
via SIP.

After hours, if you dial the (end-point) server through the PSTN (aka,
it flows through PSTN -> gateway -> end-point) the behavior of the
system is to take the call and forward it to an outside DID, the call
goes back out through the gateway and to PSTN. This works perfectly with
iptables filters on the gateway box turned off; when they are on I get
no audio. Meanwhile, all other calls in and out work perfectly.

I did a packet capture from gateway -> end-point and found all the IAX2
signaling packets there but no media packets (aka no audio).

Then I discovered that if I put a 3 second pause on the end-point box
before forwarding the call, the audio is passed on to PSTN and the
problem is solved. Again, if I turn iptables off on the gateway machine
everything works without the delay. The immediate issue is solved but
I'd like to know if anyone has seen anything like this before; it may
cause problems for people trying to tighten security.

This is the iptables script: http://bash.pastebin.com/m39babd2b
-- 
Ernesto