Zenny wrote: >And open the ports that you need for asterisk viz. > >3178 for STUN UDP >4569 for IAX2 TCP >5060-5090 for SIP TCP >10000-20000 for RTP UDP
STUN also uses 3179 by default (it needs two ports, and two IP addresses) - but that assumes you are running a STUN service on the machine. In this case I doubt that STUN is needed since I assume there's no NAT involved. SIP only requires the one port (5060) on the Asterisk server - unless you are running a non-standard setup. It doesn't matter what clients are using, only what inbound destination ports are open. RTP ports used by Asterisk are configured in rtp.conf. I believe the default may now start at 10001 to avoid conflicts with Webmin which uses 10000. I usually cut down the size of the port range. I just find it "unnerving" installing a firewall and then opening up 1/6 of the port range - I know it's illogical since the attack vector is there for the same service whether it's got 100, or 10,000 ports open, but it's just the way I learned firewalls ! Don't forget there may be other ports needed. At work I also have 8080 open and TFTP (don't recall the number) so that clients can download firmware and config files. And port 80 (with restricted client addresses) for management. And so on. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
