The RTP ports as defined by rtpstart= and rtpend= in rtp.conf also need to
be opened up.... unless you enable the sip-voip firewall plugin which is
supposed to open up the ports on demand by monitoring SIP traffic.  This
plugin is disabled by default and I have not tried enabling it.  I don't
know what is best practice for that.

I also do not have 5060 open, that is only required if an external VoIP
device/softphone/switch is trying to register with you, or if you want to
permit unregistered devices to place calls into your system.  I found that
I was being attacked on that port so I shut it off.  I do have 5061 open so
as to permit external softphones to register with TLS, a little more secure
than 5060.

I have SSH listening on a non-obvious port.

I also have 443 shut down (or rather, NATed to an internal device).  So to
remote manage AstLinux I have another non-obvious port set to NAT EXT->INT
changing the external port XYZ to internal port 443 on 192.168.x.1
(internal IP of my AstLinux box).

David


On Tue, Nov 24, 2015 at 9:38 AM, Darrick Hartman <dhart...@djhsolutions.com>
wrote:

> Michael,
>
>
>
> Depending on the SIP provider and the firewall, you *should* only need
> to allow the signaling traffic of ports 5060 and possibly 5061.  The RTP
> ports should be negotiated and opened by your Asterisk instance to the SIP
> provider.  If the firewall doesn’t work properly, disable any “sip helpers”
> as they generally don’t help.  You probably also want to have remote access
> to your SSH port, but I would change that to something other than port 22.
> That can be specified in the user.conf file in /mnt/kd/rc.conf.d/ directory.
>
>
>
> Darrick
>
>
>
> *From:* Michael Knill [mailto:michael.kn...@ipcsolutions.com.au]
> *Sent:* Monday, November 23, 2015 11:53 PM
> *To:* AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
> *Subject:* [Astlinux-users] Opening ports
>
>
>
> Hi group
>
>
>
> I have a customer that will be giving me a public IP e.g. no NAT but wants
> me to narrow down my port range to the External interface of the Astlinux
> box.
>
>
>
> What ports do I need to have open? How can I view the open ports on a
> production box to see what is open?
>
>
>
> Thanks so much.
>
>
>
> Regards
>
> Michael Knill
>
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
>
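As an added example (not part of the original thread and not AstLinux's own tooling): a POSIX shell script that reads `rtpstart=`/`rtpend=` from rtp.conf to get the UDP range the firewall must pass, then checks `netstat -ltun` output for listeners that the intended policy does not cover. The function names, the sample rtp.conf values, the sample netstat lines and the allowed list (`tcp/5061`, `tcp/2222`) are constructed for illustration.

```shell
#!/bin/sh
# Print "START:END" from rtp.conf text on stdin; non-zero exit if invalid.
rtp_range() {
    awk -F= '
        { sub(/;.*/, ""); gsub(/[ \t\r]/, "") }   # drop ; comments and blanks
        tolower($1) == "rtpstart" { s = $2 }
        tolower($1) == "rtpend"   { e = $2 }
        END {
            if (s !~ /^[0-9]+$/ || e !~ /^[0-9]+$/) exit 1
            # sanity bounds chosen for this example
            if (s + 0 < 1024 || e + 0 > 65535 || s + 0 > e + 0) exit 1
            print s ":" e
        }'
}

# List listeners (netstat -ltun text on stdin) outside the policy.
# $1 = RTP range "START:END", $2 = space-separated allowed "proto/port".
unexpected_listeners() {
    awk -v range="$1" -v allowed=" $2 " '
        BEGIN { split(range, r, ":") }
        $1 ~ /^(tcp|udp)/ {
            proto = substr($1, 1, 3)              # folds tcp6/udp6 into tcp/udp
            port = $4; sub(/.*:/, "", port)
            if ($4 ~ /^(127\.|::1:)/) next        # loopback only, not exposed
            if (proto == "udp" && port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) next
            key = proto "/" port
            if (index(allowed, " " key " ") || seen[key]++) next
            print key
        }'
}

# Constructed sample inputs so the script runs offline.
sample_rtp_conf() { printf '%s\n' '[general]' 'rtpstart=10000 ; first RTP port' 'rtpend = 10200'; }
sample_netstat() {
    printf '%s\n' \
        'Proto Recv-Q Send-Q Local Address Foreign Address State' \
        'tcp 0 0 0.0.0.0:5061 0.0.0.0:* LISTEN' \
        'tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN' \
        'tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN' \
        'tcp 0 0 127.0.0.1:5038 0.0.0.0:* LISTEN' \
        'udp 0 0 0.0.0.0:5060 0.0.0.0:*' \
        'udp 0 0 0.0.0.0:10012 0.0.0.0:*'
}

range=$(sample_rtp_conf | rtp_range) || exit 1
echo "RTP UDP range to allow: $range"
echo "Listeners not covered by policy:"
sample_netstat | unexpected_listeners "$range" "tcp/5061 tcp/2222"
```

On a live box, feed the real rtp.conf and the output of `netstat -ltun` instead of the samples; a listener reported here is a service bound on the box, which the firewall may or may not expose.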