Still not working for me. In fact, this time it was worse. Everything stays registered, but this time I get no audio in either direction, and although it was working after I enabled the firewall, web access stopped working after a few minutes. I can see the calls come in, but the RTP stream just isn't being set up right. I also tried putting in the dont_load sip helper as per the shorewall website, no help.
Here's my config, maybe someone can spot something that's wrong.

zones:
fw      firewall
net     ipv4
loc     ipv4

interfaces:
loc     eth0    detect
net     eth1    detect

policies:
loc     all     ACCEPT
fw      all     ACCEPT
net     all     DROP
all     all     REJECT

rules:
Ping/ACCEPT     net     $FW
Webmin/ACCEPT   net     $FW
ACCEPT  net:204.11.116.47,204.11.119.47,67.242.xx.xx    $FW     all
ACCEPT  $FW:204.11.116.47,204.11.119.47,67.242.xx.xx    net     all
ACCEPT  net     fw      all

The third IP in the accept statement is my public IP at home...I didn't want to lock myself out of the box.

I don't see any reason why the above won't work. It should be allowing all packets in to and out of the Firewall to the SIP Trunk provider's IPs.

Max

-----Original Message-----
From: Simon Hobson [mailto:[email protected]]
Sent: Tue 9/22/2009 2:34 PM
To: Shorewall Users
Subject: Re: [Shorewall-users] Losing my mind after a long day

Max DiOrio wrote:

>My SIP provider is asking me to open all UDP ports, which is a huge
>security risk.

Then they are a bunch of ignorant tools! The only ports you need to open are the signalling ports (eg 5060 for SIP) and the ports specified in /etc/asterisk/rtp.conf - those are the only ports that will be used.

>What rule can I use to allow all traffic to and from a particular IP?
>This might be easiest, as the provider only uses two IP addresses.
>
>This way I can block all traffic inbound except from those IPs.

ACCEPT net:1.2.3.4 $FW

or to just allow UDP,

ACCEPT net:1.2.3.4 $FW udp

For multiple addresses I think you can do:

ACCEPT net:1.2.3.4,5.6.7.8 $FW

These are for inbound traffic, outbound just swap net:... and $FW.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books.

------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
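
Added example, not part of the original thread or of Shorewall: a sketch of the narrower opening described in the quoted reply, deriving the RTP range from rtp.conf and emitting rules-file lines that admit only SIP signalling and that range from the trunk peers. The function names are hypothetical, the rtp.conf text is a constructed sample using Asterisk's stock 10000-20000 range, the peer addresses are the placeholders from the reply, and signalling is assumed to be UDP 5060.

```shell
#!/bin/sh
# Constructed sample standing in for /etc/asterisk/rtp.conf.
sample_rtp_conf() {
cat <<'EOF'
; RTP configuration
[general]
rtpstart=10000   ; first UDP port used for media
rtpend = 20000
EOF
}

# rtp_range: read rtp.conf text on stdin, print "START:END"
# (Shorewall's port-range syntax). Exits non-zero if either bound
# is missing, non-numeric, out of order, or above 65535.
rtp_range() {
    awk -F= '
        { sub(/;.*/, ""); gsub(/[ \t\r]/, "") }   # strip comments, whitespace
        $1 == "rtpstart" { s = $2 }
        $1 == "rtpend"   { e = $2 }
        END {
            if (s !~ /^[0-9]+$/ || e !~ /^[0-9]+$/) exit 1
            if (s + 0 > e + 0 || e + 0 > 65535) exit 1
            print s ":" e
        }'
}

# sip_rules PEERS RANGE: print inbound rules for the trunk peers only.
# Columns: ACTION SOURCE DEST PROTO DEST-PORT(S).
# No outbound rules are emitted; that assumes a "fw all ACCEPT" policy
# like the one in the posted config.
sip_rules() {
    peers=$1 range=$2
    printf 'ACCEPT net:%s $FW udp 5060\n' "$peers"   # SIP signalling
    printf 'ACCEPT net:%s $FW udp %s\n' "$peers" "$range"   # RTP media
}

# Placeholder peers from the reply; substitute the provider's addresses.
range=$(sample_rtp_conf | rtp_range) || { echo "bad rtp.conf" >&2; exit 1; }
sip_rules "1.2.3.4,5.6.7.8" "$range"
```

Narrowing rtpstart/rtpend in rtp.conf itself shrinks the opened range accordingly; run `shorewall check` after editing the rules file.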
