[asterisk-users] Firewall Issue
Faisal Hanif
faisal at vopium.com
Mon Aug 8 07:33:14 CDT 2011
If you take a bit deep analyses on SIP packet you will be able to understand the issue,
Iptables filter on layer-3 while SIP is on layer-7. It is easily possible to generate a SIP packet with different source-ip than physical interface.
You can also simulate it if you set external-ip=some-else-ip in SIP.com in asterisk. All you SIP packets will contain new some-else-ip while layer-3 headers will still have actual physical interface IP.
From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of RSCL Mumbai
Sent: Monday, August 08, 2011 5:18 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Firewall Issue
On Mon, Aug 8, 2011 at 5:09 PM, Henrik <singler at common-hacking.org> wrote:
Also you can set allowguest=no in sip.conf, if you didn't do it already
I will check sip.conf, but logically, the packets should not be reaching Asterisk.
IP Tables should have blocked them.
Sans
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110808/bcff6142/attachment-0001.htm>
More information about the asterisk-users
mailing list