[asterisk-users] Re: Asterisk to listen for sip traffic on 80 and 5060

[kjcsb]

I have Asterisk listening for sip traffic on port 5060. I want to allow 
users to use either port 80 or 5060 if they want. Hopefully this will avoid 
some firewall issues.


Is this a sensible/crazy thing to do? I have done a bunch of searching and 
believe iptables can help but haven't been able to find an example to 
forward something from 80 to 5060 inbound and outbound where iptables is 
running on the same machine as Asterisk. Is iptables the best way to do it 
(without other hardware) or is there an alternative? If anyone has used 
iptables to do this would you be willing to share the setup?


Would something like ths work for inbound?:
iptables -t nat -A PREROUTING -p udp --dport 80 --sport 1024:65535 -j 
DNAT --to 127.0.0.1:5060


iptables -A FORWARD -p udp -d 1270.0.1 \
   --dport 5060 -m state --state NEW -j ACCEPT

iptables -A FORWARD -t filter -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT

What about outbound?

Alternatively is there a better option?

Any suggestions appreciated.

Regards

Cameron


___
--Bandwidth and Colocation provided by Easynews.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Re: Asterisk to listen for sip traffic on 80 and 5060

[Leo Ann Boon]

kjcsb wrote:



I have Asterisk listening for sip traffic on port 5060. I want to 
allow users to use either port 80 or 5060 if they want. Hopefully 
this will avoid some firewall issues.


If you're think that by sending SIP on port 80 will fool the firewall 
into thinking it's HTTP traffic, then I'd suggest you look elsewhere. 
For a start, most firewalls only allow HTTP on TCP/80 not UDP/80.



Leo

___
--Bandwidth and Colocation provided by Easynews.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users