[Asterisk-Users] Incoming SIP Address?
Andy Burns
digiumasterisk at adslpipe.co.uk
Sat Dec 4 07:45:08 MST 2004
Ian Chilton wrote:
> That's what I thought but I was told it was the only way to get incoming
> SIP working when Asterisk was behind a firewall/NAT. I was told it was
> not a security risk to do this.
If you *know* that only asterisk is listening on the relevant ports it's
less of a risk, but it's such a wide range and (in theory at least)
leaves plenty of scope for a trojan to listen on one of those ports.
Perhaps SElinux can help here, does it allpw you to say that only a
cerain process has access to the those ports?
Arrghh, I hate the way to:, from: and reply-to: addresses get mangled by
lists!
More information about the asterisk-users
mailing list