SORRY: VERSION: 2.2 BETA 1
----- Original Message -----
From: AJ Weber
To: Peter Warasin ; [email protected]
Sent: Monday, November 12, 2007 3:26 PM
Subject: Re: [Efw-user] SIP/Vonage?
I just found it. Apparently /etc/services knows the Vonage-listed RTP ports
(10000-20000) as "ndmp" and "dmp". I found it in the INPUTFW chain; I assume
that is correct, but wonder why it's in there three times in succession? Snip:
ACCEPT udp -- anywhere anywhere udp dpts:ndmp:dnp
ACCEPT udp -- anywhere anywhere udp dpts:ndmp:dnp
ACCEPT udp -- anywhere anywhere udp dpts:ndmp:dnp
Does the proxy need to accept those same RTP packets from GREEN (and pass
them thru to RED) via a "zone firewall" config -- if the INPUTFW chain is
called on the GREEN side, then this would happen (unsure).
I would have thought you needed a port redirect outbound SIP and possibly RTP
to siproxd on the GREEN side or a hole in the "Outgoing Firewall" to allow the
RTP traffic directly (since the default for Outgoing is now DENY)? For that
matter, a redirect for inbound SIP-port traffic to siproxd?
Would like to help any way I can (or maybe I just messed it up)!!!
Thanks again,
AJ
----- Original Message -----
From: Peter Warasin
To: AJ Weber ; [email protected]
Sent: Monday, November 12, 2007 2:53 PM
Subject: Re: [Efw-user] SIP/Vonage?
Hi AJ
Which version do you use? Maybe there's a bug
The firewall always should configure the firewall rules itself for it's
proxies.
Which ports are closed? From inside out, or from outside in?
peter
AJ Weber wrote:
> Q: When using the SIP proxy...
>
> Do I need to manually then go configure the firewall to allow these
> ports to be ACCEPTed??
>
> That is, do I configure the traffic from RED, SIP port to be REDIRECTed
> to the firewall host (siproxd), and then ACCEPT the SIP and RTP ports
> from RED?
>
> Not clear on this, and if that's the case, why it wouldn't be configured
> automatically as part of configuring the SIP Proxy screen?
--
:: e n d i a n
:: open source - open minds
:: peter warasin
:: http://www.endian.com :: [EMAIL PROTECTED]
------------------------------------------------------------------------------
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
------------------------------------------------------------------------------
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
