Re: [Asterisk-Users] Incoming SIP Address?
Hi!
> [default]
> exten => ian,1,Dial(SIP/spa3k_line1,10)
> exten => ian,2,Voicemail(u4)
> exten => ian,3,Hangup
>
> Is there any way to get such calls coming into a dedicated context,
> rather than default?
Use gotoif() and the variable ${SIPDOMAIN}
Cheers, Philipp
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Incoming SIP Address?
Hi Rick, > "If" your configuration and firewall actually require you to open a > group of ports to *, then take a look at limiting the rtp ports that > are actually used. How many do I need (or how do I find out?) and why does Asterisk specify so many by default? Thanks --ian ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Incoming SIP Address?
Ian Chilton wrote: That's what I thought but I was told it was the only way to get incoming SIP working when Asterisk was behind a firewall/NAT. I was told it was not a security risk to do this. If you *know* that only asterisk is listening on the relevant ports it's less of a risk, but it's such a wide range and (in theory at least) leaves plenty of scope for a trojan to listen on one of those ports. Perhaps SElinux can help here, does it allpw you to say that only a cerain process has access to the those ports? Arrghh, I hate the way to:, from: and reply-to: addresses get mangled by lists! ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Incoming SIP Address?
> > >I assume ports 5060 and 1-2 need to be opened > > >in the firewall too. > > > I don't know much about SIP and firewalls, but opening ten thousand > > ports doesn't sound good, you've just knocked 1/6 of your firewall down > > That's what I thought but I was told it was the only way to get incoming > SIP working when Asterisk was behind a firewall/NAT. I was told it was > not a security risk to do this. > > Any thoughts anyone? "If" your configuration and firewall actually require you to open a group of ports to *, then take a look at limiting the rtp ports that are actually used. Examples: - in /etc/asterisk/rtp.conf, look at changing rtpstart and rtpend - for cisco 7960's, look in SIPDefault.cnf for start_media_port and end_media_port - other sip phones often times use other rtp ports, some of which are configurable (and some phones not). Each sip phone vendor use a different range of rtp ports. To reduce the security exposures, one can also use firewall filters to allow only certain external IP addresses (if your firewall supports that function), and/or sip.conf definitions that include something like: deny=0.0.0.0/0.0.0.0 permit=47.136.1.129/255.255.255.0 If you really need to do this, you will almost always need a packet sniffer to "see" what is actually happening on the inside edge of your firewall and on the outside edge. Without such packet traces changing parameters is nothing more then a guessing game. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Incoming SIP Address?
Hi Shane, > http://www.voip-info.org/wiki-DNS+SRV > http://slacker.com/~nugget/asterisk7.php The SRV page was useful - i've done that in my domain now. But, the other page is talking more about dialing sip addresses through Asterisk rather than incoming sip addresses. However, after adding the SRV record into DNS and the following into Asterisk in extensions.conf, it seems to work: [default] exten => ian,1,Dial(SIP/spa3k_line1,10) exten => ian,2,Voicemail(u4) exten => ian,3,Hangup Is this the right/best way to do it? Is there any way to get such calls coming into a dedicated context, rather than default? Thanks! --ian ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Incoming SIP Address?
>> Hi, >> >> Is it possible to have an incoming SIP address like [EMAIL PROTECTED], where sip.mydomain.com points to a box running Asterisk? >> >> If so, please could someone give an example asterisk config snippet >> for this? >> --ian >Ian, you don't even have to create a subdomain for this. > >Include a 'SRV' entry in your DNS record and you can have [EMAIL PROTECTED] > >http://www.voip-info.org/wiki-DNS+SRV > >Cheers >Shane Another good link Ian with working examples... http://slacker.com/~nugget/asterisk7.php -Shane ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Incoming SIP Address?
Hi, > >I assume ports 5060 and 1-2 need to be opened > >in the firewall too. > I don't know much about SIP and firewalls, but opening ten thousand > ports doesn't sound good, you've just knocked 1/6 of your firewall down That's what I thought but I was told it was the only way to get incoming SIP working when Asterisk was behind a firewall/NAT. I was told it was not a security risk to do this. Any thoughts anyone? --ian ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Incoming SIP Address?
> Hi, > > Is it possible to have an incoming SIP address like [EMAIL PROTECTED], where sip.mydomain.com points to a box running Asterisk? > > If so, please could someone give an example asterisk config snippet for this? > > If it is possible, I assume ports 5060 and 1-2 need to be opened in the firewall too. > > Thanks! > > --ian Ian, you don't even have to create a subdomain for this. Include a 'SRV' entry in your DNS record and you can have [EMAIL PROTECTED] http://www.voip-info.org/wiki-DNS+SRV Cheers Shane ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Incoming SIP Address?
Ian Chilton wrote: I assume ports 5060 and 1-2 need to be opened in the firewall too. I don't know much about SIP and firewalls, but opening ten thousand ports doesn't sound good, you've just knocked 1/6 of your firewall down :-( ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[Asterisk-Users] Incoming SIP Address?
Hi, Is it possible to have an incoming SIP address like [EMAIL PROTECTED], where sip.mydomain.com points to a box running Asterisk? If so, please could someone give an example asterisk config snippet for this? If it is possible, I assume ports 5060 and 1-2 need to be opened in the firewall too. Thanks! --ian ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
