Am 20.02.2014 19:48, schrieb Alex Villacís Lasso:
My concern is that asterisk is left listening for SIP through all
interfaces and with no SIP passwords. I want to secure the setup against
directed traffic to the asterisk UDP port (5080), that bypasses the
kamailio process. I tried setting bindaddr=127.0.0.1 so asterisk will
only listen for SIP traffic on localhost, but this has the side effect
of also removing audio - the call appears to be successful on the
softphone and on the asterisk logs, but no audio is actually heard. My
theory is that the RTP traffic is being sent to kamailio instead of the
softphone.
Theories are nice, but you should check whether they are true using,
e.g., tcpdump :)
I would check with, for example:
tcpdump -nnnqt -s 0 -A -i eth0 port 5060
or instead of "port 5060" (or 5080) try "udp" to see what is going on
with RTP. Change from eth0 to lo to see if there is really RTP going to
nowhere. When looking at port 5060/5080, check the SDP header to see
what kamilio/Asterisk/your softphone announce in terms of RTP.
I thought kamailio is a SIP server/proxy only and is not involved in RTP
at all.
In any case, if you want to only allow only certain connections from
somewhere to somewhere (including from/to certain ports), iptables is
your friend if you are using Linux.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users