Hi AJ

AJ Weber wrote:
> I just found it.  Apparently /etc/services knows the Vonage-listed RTP
> chain; I assume that is correct, but wonder why it's in there three
> times in succession?  Snip:

Try with iptables -vnL INPUTFW; without the -v it does not display all
the information.
The inputfw rule which is configured in
/etc/firewall/inputfw/siproxd.conf for siproxd "explodes" into several
rules, for both GREEN and RED interfaces.
You will see them if you use the -v option.

> Does the proxy need to accept those same RTP packets from GREEN (and
> pass them thru to RED) via a "zone firewall" config -- if the INPUTFW
> chain is called on the GREEN side, then this would happen (unsure).

No, since the proxy is there, there is no forwarding of SIP/RTP packets,
so the firewall rules of zonefw and/or outgoing fw do not take effect,
since they only apply to forwarded packets.

Basically siproxd applies REDIRECT rules for SIP connections coming from
GREEN and redirects them to the local SIP port of siproxd. Siproxd then
handles the SIP connection to RED, but those connections start from the
firewall itself and not from behind (so no outgoing firewall).

The RTP streams are then negotiated between siproxd and the SIP server,
and your phone and siproxd, and will not pass through the firewall. They
go from your phone to the proxy and then from the proxy, in a separate
connection, to the SIP server or wherever it directs you.

The only ports which need to be open are the SIP/RTP ports within
INPUTFW, for both GREEN and RED (which will automatically be done when
you start the proxy).


> I would have thought you needed a port redirect outbound SIP and

You should see it with
iptables -t nat -vnL SIPROXDPORTFW


peter

-- 
:: e n d i a n
:: open source - open minds

:: peter warasin
:: http://www.endian.com   :: [EMAIL PROTECTED]

_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user