I have had nothing but bad experiences with opening port 5060.
There are many evil people and programs loose that bang away at port 5060 if 
one is found open.  Google for Sipvicious; it is well named!
Not all providers allow the port to be changed, but if you register to the 
provider, I don't believe a port needs to be opened, as registration handles 
that.
I had 2 (not AstLinux) users with SIP phones off their systems, and we had to 
change both the phone and the system to a non-standard port.  Once that was 
done, problems disappeared. Yes, port scanning can be done, but it seems there 
is too much low-hanging fruit that is ripe for the picking.
For providers into AstLinux, I use IAX; though not many providers support that, 
the ones that do work well.
I do open a non-standard SSH port and in some cases port 443 for access to the 
GUI. Make sure the default password is changed!!
Certainly turn off SIP ALG in the router as well.
Strong passwords, limit access to PSTN as well.

John Novack


Darrick Hartman wrote:

Michael,

Depending on the SIP provider and the firewall, you _/should/_ only need to 
allow the signaling traffic of ports 5060 and possibly 5061.  The RTP ports 
should be negotiated and opened by your Asterisk instance to the SIP provider.  
If the firewall doesn’t work properly, disable any “sip helpers” as they 
generally don’t help.  You probably also want to have remote access to your SSH 
port, but I would change that to something other than port 22.  That can be 
specified in the user.conf file in /mnt/kd/rc.conf.d/ directory.

Darrick

*From:* Michael Knill [mailto:michael.kn...@ipcsolutions.com.au]
*Sent:* Monday, November 23, 2015 11:53 PM
*To:* AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
*Subject:* [Astlinux-users] Opening ports

Hi group

I have a customer that will be giving me a public IP e.g. no NAT but wants me 
to narrow down my port range to the External interface of the Astlinux box.

What ports do I need to have open? How can I view the open ports on a 
production box to see what is open?

Thanks so much.

Regards

Michael Knill





_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

--

Dog is my Co-pilot
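
Added example (not part of the original thread): a shell filter for the question of how to see what is open on a production box, flagging listeners on the default SIP and SSH ports that the replies recommend moving or closing. The function names and the sample netstat text are constructed; it assumes `netstat -lntu` output without the `-p` column.

```shell
#!/bin/sh
# Classify listening sockets from `netstat -lntu` text read on stdin.
# Prints one line per listener: "<proto> <bind-address> <port> <note>".
# Live use on the box:  netstat -lntu | classify_listeners

classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        # TCP rows carry a state column; keep listeners only.
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        port = $4; sub(/^.*:/, "", port)      # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
        if (addr == "127.0.0.1" || addr == "::1")
            note = "loopback-only"            # not reachable from outside
        else if (port == "5060" || port == "5061")
            note = "default-SIP-signaling"    # the port scanners hammer
        else if (port == "22")
            note = "default-SSH"              # thread advises moving it
        else
            note = "exposed"                  # confirm it is intended
        print $1, addr, port, note
    }'
}

# Constructed sample, shaped like netstat -lntu output (not from a real box).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5038          0.0.0.0:*               LISTEN
tcp        0      0 :::443                  :::*                    LISTEN
udp        0      0 0.0.0.0:5060            0.0.0.0:*
udp        0      0 0.0.0.0:4569            0.0.0.0:*
EOF
}

sample_netstat | classify_listeners
```

Every row not marked `loopback-only` is a candidate for the firewall's allow list on the external interface, or for being shut off.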
