[asterisk-users] Is there a need to secure RTP ports?

Sebastian Arcus shop at open-t.co.uk
Sun Jan 27 16:53:57 CST 2013


On 25/01/13 12:31, Johan Wilfer wrote:
> 2013-01-23 18:20, Sebastian Arcus skrev:
>> I have an Asterisk server with one SIP trunk to a SIP provider. As my
>> server registers with the SIP provider, I don't have any SIP ports open
>> at my end to the Internet. However, I have the RTP ports open (as SIP
>> has some trouble with my NAT).
>
> You could try iptables with ip_conntrack_sip ip_nat_sip.
>
> If they are loaded and you accept calls from your sip provider on port
> 5060 iptables inspects the sip/sdp and traffic from the endpoints are
> considered RELATED.
>
> I've some research/testing to do myself on this topic (it's on my always
> growing todo-list of doom.. :-)
>
> Maybe you should check it out?
>
>
Thanks Johan. It will have to go on my todo-list of doom as well :-) - 
will eventually get around to investigating those two iptables options. 
Sounds promising.




More information about the asterisk-users mailing list