[Asterisk-Users] SER & Asterisk

Chris Albertson chrisalbertson90278 at yahoo.com
Fri Jan 16 01:12:14 MST 2004


Yes, you can keep non-authorized SIP callers from accessing the
PSTN by setting up the .conf file "correctly" as below
but you can also
run a fire wall on the box that Asterisk runs on.  Firewall off
SIP ports except for if they come from your SER server.

This will work even if Asterisk is broken or misconfigured.
Security sould always be applied in multiple layers:  use both
a belt and suspenders

I like the "shorewall" firewall script.  configuration is
conceptually easy it uses the cisco-like idea of zones.



--- Fran Boon <flavour at partyvibe.com> wrote:
> asterisk at geek.be wrote:
> > I'm trying to bundle the powers of Asterisk and SER.
> > Asterisk for pabx functionalities and termination to landline/PSTN,
> and
> > SER as SIP Gateway/Proxy.
> > With my current configuration the SIP user just adds 0 as a prefix
> to a
> > number, and the call will go out to PSTN over Asterisk.
> > For this to work I added the rewritehostport() function in SER to
> > point to the Asterisk IP (different from the SER ip).
> > At the moment I just added the following line to my sip.conf (in
> the
> > [general] section):
> > context=from-sip
> > But my question here is, everyone can (ab)use this by connecting
> > directly to the Asterisk IP.
> > This way they can easily dial out over the PSTN network.
> 
> Hi,
> 
> This sounds a very similar problem to me, despite the different
> context.
> 
> The 'default' context in the [general] section shouldn't be
> (ab)usable - 
> set this to something like [bogon-calls].
> Then set up a specific peer lower down:
> 
> [ser]
> context=sip-legal
> host=y.y.y.y ; IP address of SER
> 
> Se this Wiki page for more flesh of my (not yet fully working!)
> configs:
> http://voip-info.org/wiki-Asterisk+cisco+FXO
> 
> Good luck!
> Fran.
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users


=====
Chris Albertson
  Home:   310-376-1029  chrisalbertson90278 at yahoo.com
  Cell:   310-990-7550
  Office: 310-336-5189  Christopher.J.Albertson at aero.org
  KG6OMK

__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus



More information about the asterisk-users mailing list