[asterisk-users] 11.4.0: iax packets lost by amazon ec2
Tony Mountifield
tony at softins.co.uk
Sat Sep 7 17:35:28 CDT 2013
In article <l0g347$ovs$1 at ger.gmane.org>,
Sean Darcy <seandarcy2 at gmail.com> wrote:
>
> iptables -vnL
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 125K 171M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
> 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
> 13 768 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
> 1 40 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
>
> So this means the packet is accepted only if it comes from the loopback
> interface?

Yes, the rules above mean:

1. If the packet is part of an established or related session, accept it.
2. Else if it's ICMP (e.g. ping or network status), accept it.
3. Else if it's from the loopback interface, accept it.
4. Else if it's a new ssh connection, accept it.
5. Otherwise reject it.

Nothing in there about accepting UDP, which is why you needed the extra
rule to accept the IAX port.

Cheers
Tony
--
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
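
The first-match walk described in the message above, as an added example that is not part of the original post: it parses the quoted INPUT chain and shows that an IAX accept rule only takes effect when it sits before the final REJECT. The port (4569/udp, the IAX2 default), the interface name `eth0`, the sample packets and the function names are assumptions made for this illustration.

```python
import re

# The INPUT chain rules as they appear in the listing quoted above.
LISTING = """\
125K 171M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
13 768 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
1 40 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
"""
# Assumption: IAX2 on its default UDP port 4569; the thread does not state the port.
IAX_RULE = "0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4569"

def parse_rule(line):
    """Turn one `iptables -vnL` rule line into a dict of match criteria."""
    f = line.split()
    extra = " ".join(f[9:])
    states = re.search(r"ctstate (\S+)", extra)
    dport = re.search(r"dpt:(\d+)", extra)
    return {"target": f[2], "proto": f[3], "in": f[5],
            "states": set(states.group(1).split(",")) if states else None,
            "dport": int(dport.group(1)) if dport else None}

def verdict(rules, pkt):
    """First matching rule wins; return (rule number, target)."""
    for n, r in enumerate(rules, 1):
        if r["proto"] not in ("all", pkt["proto"]):
            continue
        if r["in"] != "*" and r["in"] != pkt["in"]:
            continue
        if r["states"] is not None and pkt["state"] not in r["states"]:
            continue
        if r["dport"] is not None and r["dport"] != pkt.get("dport"):
            continue
        return n, r["target"]
    return 0, "ACCEPT"  # nothing matched: chain policy (ACCEPT in the listing)

chain = [parse_rule(l) for l in LISTING.splitlines()]
# Constructed sample packets arriving on a hypothetical external interface.
iax = {"proto": "udp", "in": "eth0", "state": "NEW", "dport": 4569}
ssh = {"proto": "tcp", "in": "eth0", "state": "NEW", "dport": 22}

appended = chain + [parse_rule(IAX_RULE)]                  # like `iptables -A INPUT`
inserted = chain[:4] + [parse_rule(IAX_RULE)] + chain[4:]  # like `iptables -I INPUT 5`

if __name__ == "__main__":
    print("as listed:", verdict(chain, iax))
    print("appended: ", verdict(appended, iax))
    print("inserted: ", verdict(inserted, iax))
```

An appended rule lands after the catch-all REJECT and is never reached, so the accept rule has to be inserted above it.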