[asterisk-users] How to configure asterisk to only accept SIP from kamailio at localhost but exchange RTP on all interfaces?

Markus universe at truemetal.org
Thu Feb 20 14:07:26 CST 2014

On 20.02.2014 19:48, Alex Villacís Lasso wrote:
> My concern is that asterisk is left listening for SIP through all
> interfaces and with no SIP passwords. I want to secure the setup against
> directed traffic to the asterisk UDP port (5080), that bypasses the
> kamailio process. I tried setting bindaddr= so asterisk will
> only listen for SIP traffic on localhost, but this has the side effect
> of also removing audio - the call appears to be successful on the
> softphone and on the asterisk logs, but no audio is actually heard. My
> theory is that the RTP traffic is being sent to kamailio instead of the
> softphone.

Theories are nice, but you should check whether they are true using, 
e.g., tcpdump :)

I would check with, for example:

tcpdump -nnnqt -s 0 -A -i eth0 port 5060

or instead of "port 5060" (or 5080) try "udp" to see what is going on 
with RTP. Change from eth0 to lo to see if there is really RTP going to 
nowhere. When looking at port 5060/5080, check the SDP header to see 
what kamailio/Asterisk/your softphone announce in terms of RTP.

I thought kamailio is a SIP server/proxy only and is not involved in RTP 
at all.

In any case, if you want to allow only certain connections from 
somewhere to somewhere (including from/to certain ports), iptables is 
your friend if you are using Linux.
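
Added example, not part of the original post: one way to do the SDP check suggested above on a SIP message copied out of the tcpdump -A output. It lists where each media stream says RTP should be sent and flags loopback or unspecified addresses, which a softphone on another host cannot reach. The sample message, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a SIP 200 OK as "tcpdump -A" might show it on port 5080.
# Every address, port and identifier below is made up for illustration.
SAMPLE_200_OK = "\r\n".join([
    "SIP/2.0 200 OK",
    "Via: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bKconstructed",
    "Call-ID: constructed-call-id",
    "CSeq: 1 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 127.0.0.1",
    "s=call",
    "c=IN IP4 127.0.0.1",
    "t=0 0",
    "m=audio 10000 RTP/AVP 0 8",
    "a=rtpmap:0 PCMU/8000",
])


def rtp_targets(sip_message):
    """Return [(media, address, port)] announced in the SDP body."""
    _, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    session_addr, targets = None, []
    for line in body.splitlines():
        if line.startswith("c="):
            addr = line.split()[-1].split("/")[0]  # drop multicast TTL suffix
            if targets:  # a c= line after m= applies to that media only
                targets[-1] = (targets[-1][0], addr, targets[-1][2])
            else:        # a c= line before any m= is the session default
                session_addr = addr
        elif line.startswith("m="):
            media, port = line[2:].split()[:2]
            targets.append((media, session_addr, int(port.split("/")[0])))
    return targets


def unreachable_targets(sip_message):
    """RTP targets that a phone on another host cannot send audio to."""
    bad = []
    for media, addr, port in rtp_targets(sip_message):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # host name or missing c= line: not judged here
        if ip.is_loopback or ip.is_unspecified:
            bad.append((media, addr, port))
    return bad
```
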

