On Tue, May 20, 2008 at 06:46:49AM -0400, Raj Jain wrote:
> One way to make the system more secure would be by not opening these ports
> statically in Linux iptables. I have not tested this, but Linux iptables
> have shipped with ip_nat_sip and ip_conntrack_sip modules since kernel
> version 2.6.18. With these modules, Linux iptables will act as a SIP-aware
> NAT that opens the ports dynamically depending on what's exchanged in the
> signaling.
Err... and if you want to allow someone to connect to UDP port 5060 of
your boxm what iptables trick should you use?
--
Tzafrir Cohen
icq#16849755 jabber:[EMAIL PROTECTED]
+972-50-7952406 mailto:[EMAIL PROTECTED]
http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
