I just found it.  Apparently /etc/services knows the Vonage-listed RTP ports 
(10000-20000) as "ndmp" and "dnp".  I found it in the INPUTFW chain; I assume 
that is correct, but wonder why it's in there three times in succession?  Snip:
ACCEPT     udp  --  anywhere             anywhere            udp dpts:ndmp:dnp
ACCEPT     udp  --  anywhere             anywhere            udp dpts:ndmp:dnp
ACCEPT     udp  --  anywhere             anywhere            udp dpts:ndmp:dnp

Does the proxy need to accept those same RTP packets from GREEN (and pass them 
thru to RED) via a "zone firewall" config -- if the INPUTFW chain is called on 
the GREEN side, then this would happen (unsure).

I would have thought you needed a port redirect outbound SIP and possibly RTP 
to siproxd on the GREEN side or a hole in the "Outgoing Firewall" to allow the 
RTP traffic directly (since the default for Outgoing is now DENY)?  For that 
matter, a redirect for inbound SIP-port traffic to siproxd?

Would like to help any way I can (or maybe I just messed it up)!!!

Thanks again,
AJ

  ----- Original Message ----- 
  From: Peter Warasin 
  To: AJ Weber ; [email protected] 
  Sent: Monday, November 12, 2007 2:53 PM
  Subject: Re: [Efw-user] SIP/Vonage?


  Hi AJ

  Which version do you use? Maybe there's a bug

  The firewall always should configure the firewall rules itself for its
  proxies.
  Which ports are closed? From inside out, or from outside in?

  peter

  AJ Weber wrote:
  > Q: When using the SIP proxy...
  >  
  > Do I need to manually then go configure the firewall to allow these
  > ports to be ACCEPTed??
  >  
  > That is, do I configure the traffic from RED, SIP port to be REDIRECTed
  > to the firewall host (siproxd), and then ACCEPT the SIP and RTP ports
  > from RED?
  >  
  > Not clear on this, and if that's the case, why it wouldn't be configured
  > automatically as part of configuring the SIP Proxy screen?

  -- 
  :: e n d i a n
  :: open source - open minds

  :: peter warasin
  :: http://www.endian.com   :: [EMAIL PROTECTED]
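
An added example, not part of the original messages and not Endian's code: a small Python check that turns the service names in the quoted INPUTFW listing back into port numbers and counts repeated rules. The `SERVICES` table and the `LISTING` sample are constructed here from the names and lines in the message; `normalize` and `duplicates` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed excerpt of /etc/services: only the two names seen in the listing
# (IANA registers ndmp as port 10000 and dnp as port 20000).
SERVICES = {"ndmp": 10000, "dnp": 20000}

# Constructed sample: the three INPUTFW lines quoted in the message.
LISTING = """\
ACCEPT     udp  --  anywhere             anywhere            udp dpts:ndmp:dnp
ACCEPT     udp  --  anywhere             anywhere            udp dpts:ndmp:dnp
ACCEPT     udp  --  anywhere             anywhere            udp dpts:ndmp:dnp
"""

RULE_RE = re.compile(r"^(?P<target>\S+)\s+(?P<proto>\S+)\s+\S+\s+"
                     r"(?P<src>\S+)\s+(?P<dst>\S+)(?:\s+(?P<match>.*))?$")
PORTS_RE = re.compile(r"\b(?P<key>[ds]pts?):(?P<lo>[\w-]+)(?::(?P<hi>[\w-]+))?")

def to_port(token):
    """Return the numeric port for a number or a known service name."""
    if token.isdigit():
        return int(token)
    if token not in SERVICES:
        raise KeyError(f"unknown service name: {token}")
    return SERVICES[token]

def numeric_ports(pm):
    """Rewrite one dpt/spt/dpts/spts match with numeric ports."""
    text = f"{pm['key']}:{to_port(pm['lo'])}"
    return text + (f":{to_port(pm['hi'])}" if pm["hi"] else "")

def normalize(line):
    """Parse one `iptables -L` rule line into a comparable tuple, or None."""
    line = line.strip()
    if not line or line.startswith(("Chain ", "target ")):
        return None  # chain banner or column header
    m = RULE_RE.match(line)
    if not m:
        return None
    match = PORTS_RE.sub(numeric_ports, m["match"] or "")
    return (m["target"], m["proto"], m["src"], m["dst"], match)

def duplicates(listing):
    """Return (rule, count) for every rule that appears more than once."""
    rules = [r for r in map(normalize, listing.splitlines()) if r]
    return [(r, n) for r, n in Counter(rules).items() if n > 1]

if __name__ == "__main__":
    for rule, count in duplicates(LISTING):
        print(count, "x", " ".join(rule))
```

Plain `iptables -L` output omits the in/out interface columns, so lines that look identical here can still be distinct rules; `iptables -L INPUTFW -n -v` shows the interfaces and numeric ports directly.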
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user