[asterisk-users] problems with natted phones

Marek Greško mgresko8 at gmail.com
Fri Sep 10 09:19:06 CDT 2021


Hello,

thank you very much for your effort. Without your help I would never
have realized the problem lies in the firewall.

But what do you mean by the doubt that it is a bug? You mean it should
be configured another way? I do not claim my configuration is correct.
I am also new to nftables. But I do not think opening the wide port
range is a solution. The nftables runs on the asterisk server itself.

Marek


2021-09-10 1:19 GMT+02:00, Duncan Turnbull <duncan at e-simple.co.nz>:
>
>
>> On 10/09/2021, at 4:37 AM, Marek Greško <mgresko8 at gmail.com> wrote:
>>
>> There are other systems running on the same hardware. It would just
>> leave open ports here.
>>
>> Do not compare SIP ALG on a closed source device to an opensource
>> software with active development. I had no such problems in the past
>> when using iptables. The nftables is a pretty new software, so some
>> bugs could be present and I accept. I just wanted to be sure I am not
>> doing anything wrong. Now I am pretty sure it is a bug.
>
> I very much doubt it’s a bug, but that’s your choice to pursue that
>
> You ask for help but perhaps you are not wanting to listen
>
> If you open your asterisk rtp ports in your firewall then you are following
> pretty much what everyone else does.
>
> Otherwise you are letting another device interfere with your SIP
> transactions and we have already shown that’s a bad idea. Makes no
> difference whether it’s open source or not.
>
> But up to you
>
>>
>> Thanks
>>
>> Marek
>>
>>
>> 2021-09-09 18:30 GMT+02:00, Administrator <admin at tootai.net>:
>>>
>>>> On 09/09/2021 at 18:15, Marek Greško wrote:
>>>> There is always some risk. If there is a solution that should work, it
>>>> is best to use it. We just need the root cause, why it fails
>>>> sometimes.
>>>
>>> Like SIP ALG? ;) Please explain which risks exist if there is
>>> nothing listening on those ports?
>>>
>>>>
>>>>
>>>> 2021-09-09 18:01 GMT+02:00, Antony Stone
>>>> <Antony.Stone at asterisk.open.source.it>:
>>>>> On Thursday 09 September 2021 at 17:56:10, Marek Greško wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I would not like to open the whole range of UDP ports for RTP.
>>>>> Why not?  What is the risk?
>>>>>
>>>>> What would possibly be listening on UDP ports 10000 - 20000 (the Asterisk
>>>>> default range) which an external scanner / attacker could make use of?
>>>
>>> --
>>> Daniel
>>>
>>> --
>>> _____________________________________________________________________
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>
>>> Check out the new Asterisk community forum at:
>>> https://community.asterisk.org/
>>>
>>> New to Asterisk? Start here:
>>>      https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>>
>>> asterisk-users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>


