On 02/08/2012 04:29 AM, Tony Mountifield wrote:
In article4f324279.70...@message-id.plonk.de,
Jakob Hirschj...@plonk.de wrote:
Raj Mathur (राज माथ�र), 2012-02-08 03:27:
Packets not going out on the same interface as the one they were
received on is a general IP issue, not just
Raj Mathur (राज माथुर), 2012-02-08 03:27:
Packets not going out on the same interface as the one they were
received on is a general IP issue, not just for connectionless
Right, this was a inaccuracy. It should say Asterisk does not reply
with the IP address with which packets were received.
In article 4f324279.70...@message-id.plonk.de,
Jakob Hirsch j...@plonk.de wrote:
Raj Mathur (राठमाथà¥à¤°), 2012-02-08 03:27:
Packets not going out on the same interface as the one they were
received on is a general IP issue, not just for connectionless
Right, this was a
Steve Edwards, 2012-02-06 01:43:
Unfortunately, (IIRC) Asterisk does not reply to the same interface
packets are received from which limits the usefulness of multiple
interfaces.
Right, that's what I also observed. We had to take special measures to
handle this. The problem lies in the nature
As far as I know, Asterisk would use the default Linux/Unix routing
algorithms to send packets out, in which case yes: responses may not go
out on the same interface packets were received on.
E.g. if you receive packets with non-LAN IP addresses on eth0, while
your default route is set to
All of that is true, but none of it appears to be a security concern,
specifically.
For you, may be, but from where I am sitting, I don't want to rely
solely on netfilter/iptables to protect me when I could physically
restrict Asterisk from binding to that interface (and answering such
On 07-02-12 18:41, Josh wrote:
[snip]
Thanks, another mystery solved then - Asterisk does rely on the
Linux/Unix routing, in which case I would definitely need to take care
of the SNAT/DNAT and proper routing/forwarding of packets between
interfaces using core Linux/Unix tools. Am I correct in
On 07/02/12 05:29, Gordon Messmer wrote:
On 02/06/2012 03:27 PM, Josh wrote:
Why do you see binding to 0.0.0.0 to be a security risk?
Purely because a response from Asterisk can be received as a result of a
connection on *any* interface on the system/machine. If I have Asterisk
confined to,
On Tuesday 07 Feb 2012, Jakob Hirsch wrote:
Steve Edwards, 2012-02-06 01:43:
Unfortunately, (IIRC) Asterisk does not reply to the same interface
packets are received from which limits the usefulness of multiple
interfaces.
Right, that's what I also observed. We had to take special
Why do you see binding to 0.0.0.0 to be a security risk?
Purely because a response from Asterisk can be received as a result of a
connection on *any* interface on the system/machine. If I have Asterisk
confined to, say, 2 interfaces - eth0 (10.1.1.1) and eth1 (10.2.1.1)
then a request over a
While usually thread hijacking is not something that should be done,
in this case thank you for hijacking it as the OP on his original
topic was way off topic.
Why is that - I think I posted legitimate questions/queries with regards
to the installation, configuration and running of Asterisk
On Tuesday 07 Feb 2012, Josh wrote:
[snip]
Unfortunately, (IIRC) Asterisk does not reply to the same interface
packets are received from which limits the usefulness of multiple
interfaces.
What do you mean by that? If a request is received over eht1 are you
saying that Asterisk does not
On 02/06/2012 03:27 PM, Josh wrote:
Why do you see binding to 0.0.0.0 to be a security risk?
Purely because a response from Asterisk can be received as a result of a
connection on *any* interface on the system/machine. If I have Asterisk
confined to, say, 2 interfaces - eth0 (10.1.1.1) and eth1
13 matches
Mail list logo