[asterisk-users] 11.4.0: iax packets lost by amazon ec2

Tony Mountifield tony at softins.co.uk
Sat Sep 7 17:35:28 CDT 2013


In article <l0g347$ovs$1 at ger.gmane.org>,
Sean Darcy <seandarcy2 at gmail.com> wrote:
> 
> iptables -vnL
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>   pkts bytes target  prot opt in   out  source     destination
>   125K  171M ACCEPT  all  --  *    *    0.0.0.0/0  0.0.0.0/0  ctstate RELATED,ESTABLISHED
>      0     0 ACCEPT  icmp --  *    *    0.0.0.0/0  0.0.0.0/0
>      0     0 ACCEPT  all  --  lo   *    0.0.0.0/0  0.0.0.0/0
>     13   768 ACCEPT  tcp  --  *    *    0.0.0.0/0  0.0.0.0/0  ctstate NEW tcp dpt:22
>      1    40 REJECT  all  --  *    *    0.0.0.0/0  0.0.0.0/0
> 
> So this means the packet is accepted only if it comes from the loopback 
> interface?

Yes, the rules above mean:
1. If the packet is part of an established or related session, accept it.
2. Else if it's ICMP (e.g. ping or network status), accept it.
3. Else if it's from the loopback interface, accept it.
4. Else if it's a new ssh connection, accept it.
5. Otherwise reject it.

Nothing in there about accepting UDP, which is why you needed the extra
rule to accept the IAX port.

Cheers
Tony

-- 
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
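
The first-match walk described in the reply above, as an added example that is not part of the original message: a small parser for the quoted `iptables -vnL` rule lines plus an evaluator that returns which rule decides a packet. The form of the extra IAX rule (UDP port 4569, the IAX2 default), the interface name `eth0` and the sample packets are assumptions constructed for illustration; the rule only helps if it sits ahead of the final REJECT.

```python
import re

# Rule lines copied from the `iptables -vnL` output quoted in the message.
LISTING = """\
125K 171M ACCEPT all  -- *  * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0    0    ACCEPT icmp -- *  * 0.0.0.0/0 0.0.0.0/0
0    0    ACCEPT all  -- lo * 0.0.0.0/0 0.0.0.0/0
13   768  ACCEPT tcp  -- *  * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
1    40   REJECT all  -- *  * 0.0.0.0/0 0.0.0.0/0
"""
# Assumed form of the extra rule (not shown in the thread); 4569/udp is IAX2's default port.
IAX_RULE = "0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4569"

def parse(listing):
    """Turn listing lines into match criteria (source/destination are all 0.0.0.0/0 here)."""
    rules = []
    for line in listing.splitlines():
        _pkts, _bytes, target, prot, _opt, in_if, _out, _src, _dst, *extra = line.split()
        state = re.search(r"ctstate (\S+)", " ".join(extra))
        dport = re.search(r"dpt:(\d+)", " ".join(extra))
        rules.append({"target": target, "prot": prot, "in": in_if,
                      "states": set(state.group(1).split(",")) if state else None,
                      "dport": int(dport.group(1)) if dport else None})
    return rules

def verdict(rules, pkt):
    """Return (rule number, target) of the first matching rule, walking the chain in order."""
    for n, r in enumerate(rules, 1):
        if (r["prot"] in ("all", pkt["prot"]) and r["in"] in ("*", pkt["in"])
                and (r["states"] is None or pkt["state"] in r["states"])
                and (r["dport"] is None or r["dport"] == pkt.get("dport"))):
            return n, r["target"]
    return None, "ACCEPT"  # nothing matched: chain policy (ACCEPT in the listing)

# Constructed sample packets; the interface name eth0 is an assumption.
NEW_IAX = {"prot": "udp", "in": "eth0", "state": "NEW", "dport": 4569}
NEW_SSH = {"prot": "tcp", "in": "eth0", "state": "NEW", "dport": 22}
IAX_REPLY = {"prot": "udp", "in": "eth0", "state": "ESTABLISHED", "dport": 4569}

ORIGINAL = parse(LISTING)
FIXED = ORIGINAL[:4] + parse(IAX_RULE) + ORIGINAL[4:]   # inserted ahead of the REJECT
APPENDED = ORIGINAL + parse(IAX_RULE)                   # after the REJECT: never reached

if __name__ == "__main__":
    for name, chain in (("original", ORIGINAL), ("fixed", FIXED), ("appended", APPENDED)):
        print(name, [verdict(chain, p) for p in (NEW_IAX, NEW_SSH, IAX_REPLY)])
```
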


