Matt wrote:
I'll elaborate slightly more... the wiki says:
# SIP on UDP port 5060. Other SIP servers may need TCP port 5060 as well
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
# IAX2- the IAX protocol
iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT
# IAX - most have switched to IAX v2, or ought to
iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT
# RTP - the media stream
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
# MGCP - if you use media gateway control protocol in your configuration
iptables -A INPUT -p udp -m udp --dport 2727 -j ACCEPT
However.. I've seen phones connect on what appears to be ports OTHER
then 5060.. example:
301/301 (Unspecified) D 255.255.255.255 0 Unmonitored
300/300 (Unspecified) D 255.255.255.255 0 Unmonitored
204/204 65.173.xx.xx D 255.255.255.255 5060 Unmonitored
203/203 (Unspecified) D 255.255.255.255 0 Unmonitored
202/202 63.174.xx.xx D 255.255.255.255 5060 Unmonitored
201/201 65.173.xx.xx D 255.255.255.255 18515 Unmonitored
200/200 (Unspecified) D 255.255.255.255 0 Unmonitored
So like extension 201 which is on 18515... is that going to still work?
They connect from port 18515 (or any port) to asterisk port 5060, so this rule
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
is still OK
_______________________________________________
Asterisk-Users mailing list
[email protected]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
