Hello, thank you very much for your effort. Without your help I would never have realized the problem lies in the firewall.
But what do you mean by the doubt that it is a bug? You mean it should be configured another way? I do not claim my configuration is correct. I am also new to nftables. But I do not think opening the wide port range is a solution. The nftables runs on the asterisk server itself.

Marek

2021-09-10 1:19 GMT+02:00, Duncan Turnbull <dun...@e-simple.co.nz>:
>
>> On 10/09/2021, at 4:37 AM, Marek Greško <mgres...@gmail.com> wrote:
>>
>> There are other systems running on the same hardware. It would just
>> leave open ports here.
>>
>> Do not compare SIP ALG on a closed source device to an opensource
>> software with active development. I had no such problems in the past
>> when using iptables. The nftables is a pretty new software, so some
>> bugs could be present and I accept that. I just wanted to be sure I am not
>> doing anything wrong. Now I am pretty sure it is a bug.
>
> I very much doubt it’s a bug, but that’s your choice to pursue that
>
> You ask for help but perhaps you are not wanting to listen
>
> If you open your asterisk rtp ports in your firewall then you are following
> pretty much what everyone else does.
>
> Otherwise you are letting another device interfere with your SIP
> transactions and we have already shown that’s a bad idea. Makes no
> difference whether it’s open source or not.
>
> But up to you
>
>>
>> Thanks
>>
>> Marek
>>
>>
>> 2021-09-09 18:30 GMT+02:00, Administrator <ad...@tootai.net>:
>>>
>>>> On 09/09/2021 at 18:15, Marek Greško wrote:
>>>> There is always some risk. If there is a solution that should work, it
>>>> is best to use it. We just need the root cause, why it fails
>>>> sometimes.
>>>
>>> Like SIP ALG? ;) Please explain which risks exist if there is
>>> nothing listening on those ports?
>>>
>>>>
>>>> 2021-09-09 18:01 GMT+02:00, Antony Stone
>>>> <antony.st...@asterisk.open.source.it>:
>>>>> On Thursday 09 September 2021 at 17:56:10, Marek Greško wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I would not like to open the whole range of udp ports for rtp.
>>>>> Why not? What is the risk?
>>>>>
>>>>> What would possibly be listening on UDP ports 10000 - 20000 (the
>>>>> Asterisk default range) which an external scanner / attacker could
>>>>> make use of?
>>>
>>> --
>>> Daniel
>>>
>>> --
>>> _____________________________________________________________________
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>
>>> Check out the new Asterisk community forum at:
>>> https://community.asterisk.org/
>>>
>>> New to Asterisk? Start here:
>>> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>>
>>> asterisk-users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>> http://lists.digium.com/mailman/listinfo/asterisk-users