Joe Acquisto wrote:


Thanks. And this might go where, in rc.d/rc.firewall.local ?

But I don't get it. Isn't this redundant? Since I have port forwarding already. . .?

joe a.

_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users


What this is doing is allowing unfettered access between your PBX and phones. Too many people forget that a VoIP transaction consists of more than just opening up ports 5060 and 5061. These are used for registration/administration, etc. In the case of one-way audio, or audio for that matter, this is carried out by RTP on separate ports, which will never be the same port unless you have it specified.

Summarized: NAT + VoIP = nightmare

If at all doable, segment your phones out to a DMZ with VLANs, constructive routing, and ACLs to avoid leveraged security incidents via those phones being opened.

http://www.voip-info.org/wiki/index.php?page=RTP+Symmetric
http://www.voip-info.org/wiki/view/NAT+and+VOIP


--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams
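
An added example (not part of the original message): a Python check that compares the RTP port range set in Asterisk's rtp.conf with the UDP ports a NAT ruleset actually forwards, and reports the part of the range that signalling-only forwarding leaves out. The rtp.conf text, the iptables-save style rules, the interface name and the addresses are constructed samples.

```python
import re

# Constructed sample inputs (not taken from the thread).
RTP_CONF = """\
[general]
rtpstart=10000
rtpend=20000
"""
NAT_RULES = """\
-A PREROUTING -i eth0 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5061 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -i eth0 -p udp -m udp --dport 10000:15000 -j DNAT --to-destination 192.168.1.10
"""

def rtp_range(conf):
    """Read rtpstart/rtpend from rtp.conf text; both must be present."""
    vals = dict(re.findall(r"^\s*(rtpstart|rtpend)\s*=\s*(\d+)", conf, re.M))
    return int(vals["rtpstart"]), int(vals["rtpend"])

def forwarded_udp(rules):
    """Sorted (low, high) UDP destination port spans covered by DNAT rules."""
    spans = []
    for line in rules.splitlines():
        if "-j DNAT" not in line or not re.search(r"-p udp\b", line):
            continue  # RTP is UDP, so TCP rules do not help
        m = re.search(r"--dports? (\S+)", line)
        if m:
            for part in m.group(1).split(","):
                lo, _, hi = part.partition(":")
                spans.append((int(lo), int(hi or lo)))
    return sorted(spans)

def uncovered(lo, hi, spans):
    """Sub-ranges of [lo, hi] that no forwarded span covers."""
    gaps, cur = [], lo
    for s, e in spans:
        if e < cur or s > hi:
            continue
        if s > cur:
            gaps.append((cur, s - 1))
        cur = max(cur, e + 1)
    if cur <= hi:
        gaps.append((cur, hi))
    return gaps

def rtp_gaps(conf, rules):
    """RTP ports Asterisk may pick that the NAT rules do not forward."""
    lo, hi = rtp_range(conf)
    return uncovered(lo, hi, forwarded_udp(rules))

if __name__ == "__main__":
    for lo, hi in rtp_gaps(RTP_CONF, NAT_RULES):
        print(f"RTP ports {lo}-{hi}/udp are not forwarded")
```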
