Dan,

The GUI creates a file called gui.firewall.conf in /mnt/kd/rc.conf.d

Basically it takes the variables from the firewall.conf file found in 
/mnt/kd/arno-iptables-firewall and overrides them.

The firewall.conf file should not be edited directly.  Doing so makes 
upgrading more difficult.  Anyone not using the gui should copy 
variables that you've been modifying in firewall.conf to either 
user.conf or a different file (ending in .conf) inside the 
/mnt/kd/rc.conf.d directory.  The files are parsed in alpha-numerical order.

When Arno's firewall starts, it parses firewall.conf then the combined 
rc.conf file (which is a concatenation of all the .conf files in 
/mnt/kd/rc.conf.d).

Hopefully that explains things a little better.

I generally open the UDP ports as required by the VoIP provider, but in 
theory, the sip-voip plugin should work.

Darrick

Philip Prindeville wrote:
> Since it deals with the GUI, I'll let Lonnie answer most of this.
> 
> I'd just suggest that you enable the sip-voip plugin
> (/etc/arno-iptables-firewall/plugins/sip-voip.conf) and set the value to
> 5060 for SIP and 4569 for IAX.  (Actually, I'm not sure if the sip
> connection tracker can handle IAX inspection as well... you might want
> to ask about that on linux-net...)
> 
> 
> Dan Ryson wrote:
>> All,
>>
>> After many years, I've finally decided to brave the elements and move
>> Astlinux out from behind my NAT firewall and onto a public IP
>> address.  Since this system is presently in service, if I don't get
>> this right the first time, I'll risk facing an angry mob.  This brings
>> me to a basic question regarding the proper configuration of Arno's
>> firewall in the AstLinux environment:
>>
>> In Google-ing around, I found plenty of documentation of Arno's
>> firewall on his web site and forum.  I also found a helpful paragraph
>> and screen-shot of the AstLinux GUI firewall settings on Lonnie's web
>> site.  However, I couldn't find an answer to this feeble-minded question:
>>
>> Other than the settings for *Traffic Shaping*, Lonnie's screen-shot
>> doesn't show any *Firewall Rules* that pass VoIP UDP ports to Asterisk
>> (EXT->Local).  Does this action need to be explicitly set in the
>> *Firewall Rules* or is it inherent from the *Traffic Shaping* settings? 
>>
>> If feasible, it would be very helpful if someone could provide example
>> settings from their working Firewall Configuration page.  Our system
>> is pretty "normal" with a few SIP VoIP providers and a mixture of SIP
>> and IAX2 extensions located both on the LAN and at distant WAN
>> locations on the Internet. 
>>
>> Also, it would be helpful to be able to inspect the GUI-generated
>> firewall configuration so I can make the effort to understand what the
>> GUI is doing from the perspective of Arno's firewall - and leverage
>> the documentation and discussions provided on his site.  Is there such
>> a file?  If so, where does it reside?
>>
>> During some limited testing over the Labor Day weekend, I had troubles
>> with no-audio (in either direction) with calls from internal LAN
>> extensions to distant WAN extensions.  I'm not certain, but this
>> problem appeared to be solved by passing ports 10000-20000 from
>> EXT->Local.
>>
>> The entire purpose of this exercise is to get re-invites working. 
>> Hopefully, this will permit us to shift some RTP traffic from distant
>> WAN stations directly to the VoIP providers, in the effort to reduce
>> latency and traffic on this server.
>>
>> Any insight and advice would be greatly appreciated.
>>
>> Dan
>> ------------------------------------------------------------------------
>>
>> ------------------------------------------------------------------------------
>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
>> trial. Simplify your report design, integration and deployment - and focus 
>> on 
>> what you do best, core application coding. Discover what's new with 
>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to 
>> pay...@krisk.org.
> 
> 


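Added example, not part of the thread or of AstLinux: a shell function that follows the read order Darrick describes (firewall.conf first, then every .conf file in rc.conf.d in sorted order) and reports which file supplies the final value of a variable. The variable names OPEN_TCP and OPEN_UDP, the sample values and the temporary directory layout are constructed for illustration, and only simple VAR="value" lines are assumed.

```shell
#!/bin/sh
# Added example: which file decides a firewall variable's final value?
# Read order per the message above: firewall.conf, then each *.conf in
# rc.conf.d in sorted order; the last assignment wins.

# effective_var VAR FIREWALL_CONF RC_CONF_DIR -> prints "file: value"
effective_var() {
    var=$1; winner=""; value=""
    for f in "$2" "$3"/*.conf; do          # glob expands in sorted order
        [ -f "$f" ] || continue
        # last uncommented assignment of VAR in this file, if any
        line=$(grep -E "^[[:space:]]*${var}=" "$f" | tail -n 1)
        [ -n "$line" ] || continue
        winner=${f##*/}
        # drop "VAR=", a trailing comment, then surrounding double quotes
        value=$(printf '%s\n' "$line" | sed -e "s/^[[:space:]]*${var}=//" \
            -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/')
    done
    [ -n "$winner" ] || return 1           # variable not set anywhere
    printf '%s: %s\n' "$winner" "$value"
}

# make_sample ROOT: constructed stand-ins for the files under /mnt/kd
make_sample() {
    mkdir -p "$1/arno-iptables-firewall" "$1/rc.conf.d"
    printf 'OPEN_TCP=""\nOPEN_UDP=""\n' > "$1/arno-iptables-firewall/firewall.conf"
    printf 'OPEN_TCP="22"\nOPEN_UDP="5060 4569"\n' > "$1/rc.conf.d/gui.firewall.conf"
    printf '#OPEN_TCP="23"\nOPEN_UDP="5060 4569 10000:20000"  # RTP\n' > "$1/rc.conf.d/user.conf"
}

demo() {
    root=$(mktemp -d) && make_sample "$root"
    for v in OPEN_TCP OPEN_UDP; do
        printf '%s <- ' "$v"
        effective_var "$v" "$root/arno-iptables-firewall/firewall.conf" "$root/rc.conf.d"
    done
    rm -rf "$root"
}
demo
```

In the constructed sample, user.conf sorts after gui.firewall.conf, so its OPEN_UDP line replaces the GUI-generated one; running the same check against the real files shows whether a hand-edited file is overriding what the GUI displays.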