On Sat, Apr 02, 2005 at 11:10:28AM +0200, Remco Barende wrote:
> I'm trying to get firewalling working but I am clueless as to which ports
> I need to open, I keep opening more ports and it's not working :(
>
> Basically I want SIP and IAX2 to work. IAX2 works fine, but SIP is giving
> me a headache. It seems that the stateless firewall is not able to handle
> SIP. I'm using shorewall as my firewall with these rules:
>
> ACCEPT net fw udp 4569
> ACCEPT fw net udp 4569,5060,10000:20000
>
> My rtp.conf says this:
> rtpstart=10000
> rtpend=20000
>
>
> Whenever I make a call I get these messages:
>
> Apr 2 09:18:25 pbx kernel: Shorewall:fw2net:REJECT:IN= OUT=eth1
> SRC=myip DST=80.118.132.66 LEN=200 TOS=0x00 PREC=0x00 TTL=64 ID=116 DF
> PROTO=UDP SPT=17798 DPT=7356 LEN=180
>
> Apr 2 09:18:26 raveon kernel: Shorewall:net2fw:REJECT:IN=eth1 OUT=
> SRC=80.118.132.66 DST=myip LEN=200 TOS=0x00 PREC=0x00 TTL=53
> ID=859 PROTO=UDP SPT=7356 DPT=17798 LEN=180
>
>
> So it seems that the %&*$*&$^&!!!! server is still trying to go out via a
> port lower than the range set in rtp.conf
>
> What is port 7356 for and what should I open to get it to work? I looked
> through the wiki but the low level iptables rules posted there do not make
> any sense to me.
>
Port 7356 is used by the called site to receive rtp packets. I don't think
you can have any influence over which port it chooses to use. You will need to
allow outgoing udp packets to all ports between 1024 and 65535.

For example:
ACCEPT net fw udp 4569,5060,10000:20000
ACCEPT fw net udp 1025:65535

/Mikael Magnusson
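An added example, not part of either message: it replays the two rejected packets from the logs above against both rule sets in a simplified model of Shorewall matching (first ACCEPT matching zone pair, protocol and destination port wins, otherwise REJECT, no connection tracking). The function names are illustrative, and the suggested range's upper bound is written as 65535, the highest valid port.

```python
import re

# Log lines from the thread (timestamp/hostname trimmed; "myip" is the poster's placeholder).
LOG_LINES = [
    "Shorewall:fw2net:REJECT:IN= OUT=eth1 SRC=myip DST=80.118.132.66 LEN=200 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=116 DF PROTO=UDP SPT=17798 DPT=7356 LEN=180",
    "Shorewall:net2fw:REJECT:IN=eth1 OUT= SRC=80.118.132.66 DST=myip LEN=200 "
    "TOS=0x00 PREC=0x00 TTL=53 ID=859 PROTO=UDP SPT=7356 DPT=17798 LEN=180",
]
ORIGINAL_RULES = ["ACCEPT net fw udp 4569", "ACCEPT fw net udp 4569,5060,10000:20000"]
SUGGESTED_RULES = ["ACCEPT net fw udp 4569,5060,10000:20000", "ACCEPT fw net udp 1025:65535"]
RTP_START, RTP_END = 10000, 20000  # rtp.conf values from the thread

def parse_log(line):
    """Return (source zone, dest zone, proto, source port, dest port)."""
    chain = re.search(r"Shorewall:(\w+)2(\w+):", line)
    f = dict(re.findall(r"(\w+)=(\S+)", line))
    return chain.group(1), chain.group(2), f["PROTO"].lower(), int(f["SPT"]), int(f["DPT"])

def port_allowed(spec, port):
    """Check a port against a port list such as '4569,5060,10000:20000'."""
    for item in spec.split(","):
        lo, _, hi = item.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def verdict(rules, pkt):
    """Simplified model: rules match on zones, protocol and destination port only."""
    src, dst, proto, _spt, dpt = pkt
    for rule in rules:
        action, r_src, r_dst, r_proto, r_ports = rule.split()
        if (r_src, r_dst, r_proto) == (src, dst, proto) and port_allowed(r_ports, dpt):
            return action
    return "REJECT"

def report(rules):
    """Per packet: (chain, local port inside rtp.conf range?, verdict under rules)."""
    out = []
    for line in LOG_LINES:
        pkt = parse_log(line)
        local_port = pkt[3] if pkt[0] == "fw" else pkt[4]  # the PBX side of the flow
        out.append((f"{pkt[0]}2{pkt[1]}", RTP_START <= local_port <= RTP_END, verdict(rules, pkt)))
    return out

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL_RULES), ("suggested", SUGGESTED_RULES)):
        print(name, report(rules))
```

In both packets the local port (17798) is inside the rtp.conf range; only the remote port (7356) falls outside the ports the original rules allowed.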
