John is correct. I wasn't complete in my response earlier. Opening 5060 to
ONLY your VoIP provider is what I meant. So much of this depends on who you
are using as a SIP provider.
Registering to the SIP provider should prevent the need to open any of these
ports.
From: John Novack [mailto:jnov...@comcast.net]
Sent: Tuesday, November 24, 2015 9:10 AM
To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
Subject: Re: [Astlinux-users] Opening ports
I have had nothing but bad experiences with opening port 5060.
There are many evil people and programs loose that bang away at port 5060 if
one is found open. Google for Sipvicious, it is well named!
Not all providers allow the port to be changed, but if you register to the
provider, I don't believe a port needs to be opened, as registration handles
that.
I had 2 (not AstLinux) users with SIP phones off their systems, and we had to
change both the phone and the system to a non-standard port. Once that was
done, problems disappeared. Yes, port scanning can be done, but it seems there
are too many low-hanging fruit that are ripe for the picking.
For providers into AstLinux, I use IAX, though not many providers support that;
the ones that do work well.
I do open a non-standard SSH port and in some cases port 443 for access to the
GUI. Make sure the default password is changed!!
Certainly turn off SIP ALG in the router as well.
Strong passwords, limit access to PSTN as well.
John Novack
Darrick Hartman wrote:
Michael,
Depending on the SIP provider and the firewall, you _should_ only need to allow
the signaling traffic of ports 5060 and possibly 5061. The RTP ports should be
negotiated and opened by your Asterisk instance to the SIP provider. If the
firewall doesn't work properly, disable any "sip helpers" as they generally
don't help. You probably also want to have remote access to your SSH port, but
I would change that to something other than port 22. That can be specified in
the user.conf file in the /mnt/kd/rc.conf.d/ directory.
Darrick
From: Michael Knill [mailto:michael.kn...@ipcsolutions.com.au]
Sent: Monday, November 23, 2015 11:53 PM
To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
Subject: [Astlinux-users] Opening ports
Hi group
I have a customer that will be giving me a public IP e.g. no NAT but wants me
to narrow down my port range to the External interface of the Astlinux box.
What ports do I need to have open? How can I view the open ports on a
production box to see what is open?
Thanks so much.
Regards
Michael Knill
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
--
Dog is my Co-pilot
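
Added example, not part of the original thread or of AstLinux: one way to answer the question of what is open on a production box is to compare the listening sockets against the short list of ports the replies mention. The allowlist values, the SSH port 2222 and the sample output are constructed assumptions, and the parser assumes the `netstat -lnut` column layout.

```shell
#!/bin/sh
# Flag non-loopback listeners that are not on an allowlist.
# Input format assumed: `netstat -lnut` (Proto Recv-Q Send-Q Local-Address ...).

# Constructed allowlist (assumption): SIP signaling, IAX2, a non-standard SSH
# port and the HTTPS GUI. Replace with the ports this box should expose.
ALLOWED="udp/5060 udp/4569 tcp/2222 tcp/443"

# audit_listeners ALLOWLIST  < netstat-output
# Prints one "proto/port address" line per unexpected non-loopback listener.
audit_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            proto = substr($1, 1, 3)          # fold tcp6/udp6 into tcp/udp
            addr = $4; port = $4
            sub(/:[^:]*$/, "", addr)          # strip ":port" (":::5060" -> "::")
            sub(/^.*:/, "", port)             # keep only the port number
            if (addr ~ /^127\./ || addr == "::1") next   # loopback-only socket
            key = proto "/" port
            if (!(key in ok) && !seen[key " " addr]++) print key, addr
        }'
}

# Constructed sample of `netstat -lnut` output, not taken from a real system.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5038          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:5060            0.0.0.0:*
udp        0      0 0.0.0.0:4569            0.0.0.0:*
udp        0      0 0.0.0.0:69              0.0.0.0:*
udp        0      0 :::5060                 :::*
EOF
}

# On a live box: netstat -lnut | audit_listeners "$ALLOWED"
sample_netstat | audit_listeners "$ALLOWED"
```

A listening socket is only reachable if the firewall also permits it, so anything this reports should be either stopped or confirmed as blocked on the external interface.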