Will add that you can see exactly what ports are open with "iptables -L -n"
at the command line.  This will show ports opened not only from your
AstLinux web interface but also any opened as a result of Universal
Plug-n-Play, etc.

David

On Tue, Nov 24, 2015 at 10:17 AM, David Kerr <da...@kerr.net> wrote:

> The RTP ports as defined by rtpstart= and rtpend= in rtp.conf also need to
> be opened up.... unless you enable the sip-voip firewall plugin which is
> supposed to open up the ports on demand by monitoring SIP traffic.  This
> plugin is disabled by default and I have not tried enabling it.  I don't
> know what is best practice for that.
>
> I also do not have 5060 open, that is only required if an external VoIP
> device/softphone/switch is trying to register with you, or if you want to
> permit unregistered devices to place calls into your system.  I found that
> I was being attacked on that port so I shut it off.  I do have 5061 open so
> as to permit external softphones to register with TLS, a little more secure
> than 5060.
>
> I have SSH listening on a non-obvious port.
>
> I also have 443 shut down (or rather, NATed to an internal device).  So to
> remote manage AstLinux I have another non-obvious port set to NAT EXT->INT
> changing the external port XYZ to internal port 443 on 192.168.x.1
> (internal IP of my AstLinux box).
>
> David
>
>
> On Tue, Nov 24, 2015 at 9:38 AM, Darrick Hartman <
> dhart...@djhsolutions.com> wrote:
>
>> Michael,
>>
>>
>>
>> Depending on the SIP provider and the firewall, you *should* only need
>> to allow the signaling traffic of ports 5060 and possibly 5061.  The RTP
>> ports should be negotiated and opened by your Asterisk instance to the SIP
>> provider.  If the firewall doesn’t work properly, disable any “sip helpers”
>> as they generally don’t help.  You probably also want to have remote access
>> to your SSH port, but I would change that to something other than port 22.
>> That can be specified in the user.conf file in /mnt/kd/rc.conf.d/ directory.
>>
>>
>>
>> Darrick
>>
>>
>>
>> *From:* Michael Knill [mailto:michael.kn...@ipcsolutions.com.au]
>> *Sent:* Monday, November 23, 2015 11:53 PM
>> *To:* AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
>> *Subject:* [Astlinux-users] Opening ports
>>
>>
>>
>> Hi group
>>
>>
>>
>> I have a customer that will be giving me a public IP e.g. no NAT but
>> wants me to narrow down my port range to the External interface of the
>> Astlinux box.
>>
>>
>>
>> What ports do I need to have open? How can I view the open ports on a
>> production box to see what is open?
>>
>>
>>
>> Thanks so much.
>>
>>
>>
>> Regards
>>
>> Michael Knill
>>
>> _______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to
>> pay...@krisk.org.
>>
>
>
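As an added example (not part of the original thread and not AstLinux code), the script below checks `iptables -L -n` output against the ports discussed above and flags any accepted destination port that is not on the expected list. The rule listing, the rtp.conf contents, the `INPUT` chain layout and the SSH port 2222 are constructed sample values; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of "iptables -L -n" output (not from a real box).
SAMPLE_RULES='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:5061
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpts:10000:20000
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5060
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2222
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:23'

# Constructed rtp.conf contents; rtpstart= and rtpend= are the keys named in the thread.
SAMPLE_RTP_CONF='[general]
rtpstart=10000
rtpend=20000'

# rtp_range: read rtp.conf on stdin, print the RTP range as "udp:START-END".
rtp_range() {
  awk -F= '/^[ \t]*rtpstart[ \t]*=/ { gsub(/[ \t]/, "", $2); s = $2 }
           /^[ \t]*rtpend[ \t]*=/   { gsub(/[ \t]/, "", $2); e = $2 }
           END { if (s != "" && e != "") print "udp:" s "-" e }'
}

# audit_ports ALLOW...: read "iptables -L -n" on stdin. Each ALLOW is proto:port or
# proto:lo-hi. Prints "ok|UNEXPECTED proto lo-hi" for every ACCEPT rule with a dpt/dpts match.
audit_ports() {
  awk -v allow="$*" '
    BEGIN { n = split(allow, a, " ")
            for (i = 1; i <= n; i++) { split(a[i], p, "[:-]")
              ap[i] = p[1]; lo[i] = p[2] + 0; hi[i] = (p[3] == "" ? p[2] : p[3]) + 0 } }
    $1 == "ACCEPT" {
      for (f = 6; f <= NF; f++) if ($f ~ /^dpts?:/) {
        m = split($f, d, ":"); l = d[2] + 0; h = (m > 2 ? d[3] : d[2]) + 0
        verdict = "UNEXPECTED"
        for (i = 1; i <= n; i++) if (ap[i] == $2 && l >= lo[i] && h <= hi[i]) verdict = "ok"
        print verdict, $2, l "-" h
      } }'
}

# Expected set from the thread: 5061/tcp (TLS registration), the RTP range, and SSH on a
# non-default port (2222 is a constructed stand-in). On a live box, assuming the usual
# Asterisk path: iptables -L -n | audit_ports tcp:5061 tcp:2222 "$(rtp_range < /etc/asterisk/rtp.conf)"
run_sample() {
  printf '%s\n' "$SAMPLE_RULES" |
    audit_ports tcp:5061 tcp:2222 "$(printf '%s\n' "$SAMPLE_RTP_CONF" | rtp_range)"
}
run_sample
```

On the sample input the open 5060/udp rule is the only line reported as UNEXPECTED; rules using other match syntax (for example multiport) are not parsed by this script.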