Hello,
I have trouble getting asterisk to work with my new
firewall script (see below).
I used this info as base: http://www.voip-info.org/wiki-Asterisk+firewall+rules
And then modified it to suit my needs.
I use only SIP and the problem is that the calls
get in to asterisk when the firewall is activated.
But my agents/phones can't register or receive any
calls. So all calls get stuck in queue on asterisk.
So I believe I'm missing some rule
perhaps?
Can anyone help me sort this out?
Thanks...
Best Regards
Goran
/etc/init.d/firewall
======================================
#IPTables firewall configuration for X
export PATH=$PATH:/sbin

case "$1" in
start)
    echo "Starting iptables firewall..."
    iptables --flush
    iptables --delete-chain
    iptables -A INPUT -p icmp -i eth0 -j ACCEPT

    # START OPEN PORTS
    #=================

    #SSH (22)
    iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT

    #SAMBA: netbios (139) , microsoft-ds (445)
    iptables -A INPUT -p tcp -i eth0 --dport 139 -j ACCEPT
    iptables -A INPUT -p tcp -i eth0 --dport 445 -j ACCEPT

    #ASTERISK
    # SIP (UDP 5060)
    iptables -A INPUT -p tcp -m tcp -i eth0 --dport 5060 -j ACCEPT
    iptables -A INPUT -p udp -m udp -i eth0 --dport 5060 -j ACCEPT
    # IAX2/IAX
    iptables -A INPUT -p udp -m udp -i eth0 --dport 4569 -j ACCEPT
    iptables -A INPUT -p udp -m udp -i eth0 --dport 5036 -j ACCEPT
    # RTP - the media stream
    iptables -A INPUT -p udp -m udp -i eth0 --dport 10000:20000 -j ACCEPT
    # MGCP - if you use media gateway control protocol in your configuration
    iptables -A INPUT -p udp -m udp -i eth0 --dport 2727 -j ACCEPT
    #END ASTERISK

    #MySQL (3306)
    iptables -A INPUT -p tcp -i eth0 --dport 3306 -j ACCEPT
    iptables -A INPUT -p udp -i eth0 --dport 3306 -j ACCEPT

    #SNMP (161) - Allow from cacti server
    iptables -A INPUT -p tcp -i eth0 --dport 161 --source x.x.x.x -j ACCEPT
    iptables -A INPUT -p udp -i eth0 --dport 161 --source x.x.x.x -j ACCEPT

    #Ftp / Passive ports
    iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp -i eth0 --dport 64785:64799 -j ACCEPT

    #Http / Web
    iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT

    #Webmin (10000)
    iptables -A INPUT -p tcp -i eth0 --dport 10000 -j ACCEPT

    # END OPEN PORTS
    #=================

    #Deny everything else
    iptables -A INPUT -p all -i eth0 -j DROP
    exit 0;
    ;;
stop)
    echo "Stopping iptables firewall..."
    iptables --flush
    iptables --delete-chain
    exit 0;
    ;;
*)
    echo "Valid switches: firewall start , firewall stop";
esac;
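
An added example, not part of the original post: a check over rule lines in the form the script uses, reporting whether a stateful ACCEPT precedes the catch-all DROP and whether a given UDP/TCP destination port is accepted. The rule subset is copied from the script; the `stateful_rules` variant, the function names and port 45000 are constructed for illustration, and the post does not establish that a missing state rule is what stops the phones registering.

```shell
#!/bin/sh
# Added example. Subset of the rules from the script in the post, one per line.
post_rules() {
cat <<'EOF'
iptables -A INPUT -p icmp -i eth0 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -i eth0 --dport 5060 -j ACCEPT
iptables -A INPUT -p udp -m udp -i eth0 --dport 5060 -j ACCEPT
iptables -A INPUT -p udp -m udp -i eth0 --dport 10000:20000 -j ACCEPT
iptables -A INPUT -p all -i eth0 -j DROP
EOF
}

# Same rules with a stateful ACCEPT placed first (constructed variant, not from the post).
stateful_rules() {
    echo 'iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT'
    post_rules
}

# Reads rules on stdin; exit 0 if an ESTABLISHED accept precedes the first catch-all DROP.
has_stateful_accept() {
    awk '/-A INPUT/ && /-j DROP/ && !/--dport/ { exit }
         /-A INPUT/ && /-j ACCEPT/ && /ESTABLISHED/ { found = 1; exit }
         END { exit (found ? 0 : 1) }'
}

# port_allowed PROTO PORT: exit 0 if a port-based ACCEPT covers it before the catch-all DROP.
port_allowed() {
    awk -v proto="$1" -v port="$2" '
        /-A INPUT/ && /-j DROP/ && !/--dport/ { exit }
        /-A INPUT/ && /-j ACCEPT/ {
            p = ""; d = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "--source" || $i == "-s") next   # source-restricted: not a general allow
            }
            if (d == "" || (p != proto && p != "all")) next
            n = split(d, r, ":"); lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) { ok = 1; exit }
        }
        END { exit (ok ? 0 : 1) }'
}

for rs in post_rules stateful_rules; do
    $rs | has_stateful_accept && s=yes || s=no
    $rs | port_allowed udp 5060 && sip=yes || sip=no
    $rs | port_allowed udp 45000 && eph=yes || eph=no   # 45000: constructed ephemeral port
    echo "$rs: stateful=$s udp_5060=$sip udp_45000=$eph"
done
```

With only per-port rules, a reply addressed to an ephemeral port on the host (for example the answer to a DNS lookup the host itself sent) matches nothing and reaches the DROP rule.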
Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users