Old 03-12-2006, 10:37 PM   #1
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 651

Rep: Reputation: 34
Iptables & Asterisk


Hi

I have an Asterisk server inside a firewall (Redhat iptables).

Can somebody tell me how to do the iptables entries so someone from outside can call in to my Asterisk and make a call and to call out to the internet.

Asterisk uses 5060 udp for signaling
10000 to 20000 for RTP voice channels

Thank you

Regards,
Asanka
 
Old 03-13-2006, 06:21 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3607
Please have a look at http://www.voip-info.org/wiki-Asterisk+firewall+rules . Read, try, watch for errors, adjust rules. *Then* ask. And if you want to get rules, please post what you tried yourself plus any errors.
 
Old 03-15-2006, 03:08 AM   #3
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 651

Original Poster
Rep: Reputation: 34
Hi unSpawn

Here is what I am using at the moment. I am not a pro on this so I just match what our mail server uses.

-A PREROUTING -d 203.143.24.252 -i eth0 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.20.20:5060
-A PREROUTING -d 203.143.24.123 -i eth0 -p tcp -m tcp --dport 5060 -j DNAT --to-destination 192.168.20.20:5060

-A POSTROUTING -s 192.168.20.20 -j SNAT --to-source 203.143.24.252

-A FORWARD -d 192.168.20.20 -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
-A FORWARD -d 192.168.20.20 -i eth0 -p tcp -m tcp --dport 5060 -j ACCEPT

With these entries outsider users can register, and I am using SJphone as my client

Appreciate your help

I am using sip.conf and extensions.conf

[general]
externip = 203.143.24.123
localnet = 192.168.11.0/255.255.255.0
context=default
bindport=5060
bindaddr=0.0.0.0
srvlookup=yes


[3001]
type=friend
username=3001
;secret=3001
host=dynamic
context=internal
canreinvite=no
nat=yes


[internal]
exten=>3001,1,Dial(SIP/3001)


Kind regards

Asanka
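
Added example, not part of the original posts: a small Python check that parses the iptables rules and sip.conf values quoted in post #3 and lists where they disagree with each other and with the RTP range given in post #1. The helper functions and finding names are made up for this example; each finding is a point to review, not a verdict.

```python
import ipaddress

# Rules and sip.conf values copied from post #3; RTP range from post #1.
RULES = """\
-A PREROUTING -d 203.143.24.252 -i eth0 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.20.20:5060
-A PREROUTING -d 203.143.24.123 -i eth0 -p tcp -m tcp --dport 5060 -j DNAT --to-destination 192.168.20.20:5060
-A POSTROUTING -s 192.168.20.20 -j SNAT --to-source 203.143.24.252
-A FORWARD -d 192.168.20.20 -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
-A FORWARD -d 192.168.20.20 -i eth0 -p tcp -m tcp --dport 5060 -j ACCEPT
"""
SIP_CONF = {"externip": "203.143.24.123", "localnet": "192.168.11.0/255.255.255.0"}
RTP_RANGE = (10000, 20000)

def parse_rule(line):
    """Turn one iptables-save style line into {chain, d, p, dport, j, ...}."""
    tok = line.split()
    rule = {"chain": tok[1]}
    for i in range(2, len(tok) - 1):
        if tok[i].startswith("-"):
            rule[tok[i].lstrip("-")] = tok[i + 1]
    return rule

def covers(rule, proto, lo, hi):
    """True if the rule matches proto and its --dport spans lo..hi."""
    if rule.get("p") != proto or "dport" not in rule:
        return False
    first, _, last = rule["dport"].partition(":")
    return int(first) <= lo and hi <= int(last or first)

def audit(rules_text, sip, rtp):
    """Return the list of inconsistencies between NAT rules and sip.conf."""
    rules = [parse_rule(l) for l in rules_text.splitlines() if l.startswith("-A")]
    dnat = [r for r in rules if r.get("j") == "DNAT"]
    snat = [r for r in rules if r.get("j") == "SNAT"]
    fwd = [r for r in rules if r["chain"] == "FORWARD" and r.get("j") == "ACCEPT"]
    findings = []
    if len({r["d"] for r in dnat}) > 1:  # same service on two public IPs
        findings.append("dnat-public-ip-mismatch")
    if any(r["to-source"] != sip["externip"] for r in snat):
        findings.append("externip-differs-from-snat-source")
    inside = {r["to-destination"].split(":")[0] for r in dnat}
    net = ipaddress.ip_network(sip["localnet"], strict=False)
    if any(ipaddress.ip_address(a) not in net for a in inside):
        findings.append("server-outside-localnet")
    for name, chain in (("dnat", dnat), ("forward", fwd)):  # RTP is UDP
        if not any(covers(r, "udp", *rtp) for r in chain):
            findings.append(f"rtp-range-not-in-{name}")
    return findings
```

Calling `audit(RULES, SIP_CONF, RTP_RANGE)` on the posted configuration reports all five findings.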
 
 
  

