Hi Alex,

On Tuesday, 25.02.2014, at 13:04 -0500, Alex Villacís Lasso wrote:
> On 25/02/14 08:30, Karsten Wemheuer wrote:
> > Hi Alex,
> >
> > On Thursday, 20.02.2014, at 13:48 -0500, Alex Villacís Lasso wrote:
> >> I have a setup with asterisk-11.7.0 and kamailio-4.1.1. I am following
> >> the setup guide at
> >> http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb .
> >> I want to run asterisk and kamailio on the same server, with SIP
> >> realtime configuration (MySQL database) so that kamailio
> >> authenticates and then forwards the registration to asterisk on
> >> localhost. The setup calls for asterisk to be configured to listen
> >> for SIP traffic on all interfaces, on a nonstandard port (I chose
> >> 5080). It also calls for blanking of the password for the SIP peer
> >> (in my case, a softphone), so that it will not request for
> >> authentication again. I have managed to make a call with working
> >> audio from the softphone to an extension on asterisk through
> >> kamailio.
> >>
> >> My concern is that asterisk is left listening for SIP through all
> >> interfaces and with no SIP passwords. I want to secure the setup
> >> against directed traffic to the asterisk UDP port (5080), that
> >> bypasses the kamailio process. I tried setting bindaddr=127.0.0.1
> >> so asterisk will only listen for SIP traffic on localhost, but this
> >> has the side effect of also removing audio - the call appears to be
> >> successful on the softphone and on the asterisk logs, but no audio
> >> is actually heard. My theory is that the RTP traffic is being sent
> >> to kamailio instead of the softphone.
> >>
> >> How can I set up asterisk so that it can send RTP anywhere but reject
> >> any SIP traffic that does not come from the kamailio process on
> >> localhost?
> >>
> > If you bind asterisk to 127.0.0.1 I think the media connection is set
> > for this IP. Your softphone cannot reach the correct 127.0.0.1
> > (localhost is everywhere).
> >
> > I would suggest you set up asterisk on the eth0 address or 0.0.0.0.
> > In the sip.conf you could secure your setup with
> >     deny = 0.0.0.0/0.0.0.0
> >     permit = Your-LAN-Adress
> > This way asterisk accepts SIP from your box only.
> >
> This might work, but would need to touch sip.conf every time the IP
> address changes. It would be nice to have a configuration that can be
> set up once and not modified again. That is why I wanted to set up
> localhost.
>

It is the LAN address of your server, where asterisk and kamailio are
running. The permit entry allows communication between kamailio and
asterisk. Why would you change this address? Maybe I don't understand
your setup.

Karsten
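
Added example, not part of the original message or of Asterisk's code: a small evaluator for the deny/permit pair suggested above, using the rule model in which the last matching line wins and an unmatched source is allowed. The addresses are constructed stand-ins (documentation ranges), and the names parse_acl, acl_allows and verdicts are hypothetical.

```python
import ipaddress

# Constructed addresses (documentation ranges), not taken from the thread.
SERVER_LAN = "192.0.2.10"      # stand-in for Your-LAN-Adress
OUTSIDE_HOST = "198.51.100.7"  # another host sending SIP straight to port 5080

SUGGESTED = ["deny = 0.0.0.0/0.0.0.0",
             "permit = 192.0.2.10/255.255.255.255"]
REVERSED = list(reversed(SUGGESTED))  # same two lines in the wrong order


def parse_acl(lines):
    """Turn 'deny = net/mask' and 'permit = net/mask' lines into ordered rules."""
    rules = []
    for raw in lines:
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line:
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if not sep or key not in ("deny", "permit"):
            raise ValueError(f"not an ACL line: {raw!r}")
        rules.append((key, ipaddress.ip_network(value.strip(), strict=False)))
    return rules


def acl_allows(rules, source):
    """Last matching rule wins; a source that matches no rule is allowed."""
    addr = ipaddress.ip_address(source)
    allowed = True
    for sense, network in rules:
        if addr in network:
            allowed = (sense == "permit")
    return allowed


def verdicts(lines):
    """Evaluate the ACL for the server, an outside host and loopback."""
    rules = parse_acl(lines)
    return {src: acl_allows(rules, src)
            for src in (SERVER_LAN, OUTSIDE_HOST, "127.0.0.1")}


if __name__ == "__main__":
    for name, acl in (("suggested", SUGGESTED), ("reversed", REVERSED)):
        print(name, verdicts(acl))
```

With the two lines in the suggested order only the server's own address is accepted; with the order reversed every source is refused, and a source of 127.0.0.1 is refused in both cases, so the permitted address has to be the one the forwarded SIP packets actually carry.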
