Re: [asterisk-users] Security issue
Hello, if you dont know iptables that much, and would like to see more user friendly configuration method, i suggest you to use Shorewall, which is very flexible, has some clear logs, and generates same iptable rules behind. 2009/2/8 David fire ddf...@gmail.com denay permit are in sip.conf and iax.conf David 2009/2/7 oumar ndiaye ondi...@antg.com David, Thanks in advance. Where do I change the user/peers definition? Is it in the firewall of the OS? In that case that won't work because the server host other services such as ssh http that are open to any IP as long as the user has the correct credentials. Doesn't asterisk itself has built in security filters? If the only choice is to do in the OS's firewall, then I will need to include the port numbers of SIP, IAX in my firewall rules. In this case, which ports should I block to keep unwanted SIP/IAX connections from specific IP's. Thanks. On Sat, Feb 7, 2009 at 9:29 AM, David fire ddf...@gmail.com wrote: you have many options but you should use it together. firewall in the user/peers definitions add host=ip and/or deny=0.0.0.0/0.0.0.0 permit=ip/mask change the ip of your server. use something like ossec to avoid force brute. David 2009/2/6 oumar ndiaye ond4...@gmail.com Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? Thanks. ond ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- (\__/) (='.'=)This is Bunny. Copy and paste bunny into your ()_()signature to help him gain world domination. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Oumar Ndiaye CTO ANTG Telecom www.antg.com ondi...@antg.com ondi...@alum.mit.edu ond4...@gmail.com Tel: +1-919-291-8742 ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- (\__/) (='.'=)This is Bunny. Copy and paste bunny into your ()_()signature to help him gain world domination. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security issue
On Fri, 6 Feb 2009, oumar ndiaye wrote: Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? I'm curious about hackers getting in when you have username and passwords set. How are they cracking the passwords in the first place? Gordon ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security issue
what about something along the lines of... iptables -A INPUT -p udp --dport 5060 -j DROP iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT iptables -A INPUT -p udp -s 10.0.0.0/8 --dport 5060 -j ACCEPT iptables -A INPUT -p udp -s 66.66.66.66 --dport 5060 -j ACCEPT Cheers 2009/2/9 Gordon Henderson gordon+aster...@drogon.netgordon%2baster...@drogon.net On Fri, 6 Feb 2009, oumar ndiaye wrote: Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? I'm curious about hackers getting in when you have username and passwords set. How are they cracking the passwords in the first place? Gordon ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security issue
On Mon, Feb 09, 2009 at 11:09:34AM +, Geraint Lee wrote: what about something along the lines of... iptables -A INPUT -p udp --dport 5060 -j DROP iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT iptables -A INPUT -p udp -s 10.0.0.0/8 --dport 5060 -j ACCEPT iptables -A INPUT -p udp -s 66.66.66.66 --dport 5060 -j ACCEPT Err... I guess you meant: iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT iptables -A INPUT -p udp -s 10.0.0.0/8 --dport 5060 -j ACCEPT iptables -A INPUT -p udp -s 66.66.66.66 --dport 5060 -j ACCEPT # only if previous three did not match: iptables -A INPUT -p udp --dport 5060 -j DROP -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security issue
well, you got the general idea :) 2009/2/9 Tzafrir Cohen tzafrir.co...@xorcom.com On Mon, Feb 09, 2009 at 11:09:34AM +, Geraint Lee wrote: what about something along the lines of... iptables -A INPUT -p udp --dport 5060 -j DROP iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT iptables -A INPUT -p udp -s 10.0.0.0/8 --dport 5060 -j ACCEPT iptables -A INPUT -p udp -s 66.66.66.66 --dport 5060 -j ACCEPT Err... I guess you meant: iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT iptables -A INPUT -p udp -s 10.0.0.0/8 --dport 5060 -j ACCEPT iptables -A INPUT -p udp -s 66.66.66.66 --dport 5060 -j ACCEPT # only if previous three did not match: iptables -A INPUT -p udp --dport 5060 -j DROP -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.comjabber%3atzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security issue
On Monday 09 February 2009 04:17:47 Gordon Henderson wrote: On Fri, 6 Feb 2009, oumar ndiaye wrote: Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? I'm curious about hackers getting in when you have username and passwords set. How are they cracking the passwords in the first place? Typically, the issue is that people set all numeric usernames and passwords, which are incredibly easy to scan for and brute force. If you expand your usernames and passwords to alphanumeric, these activities become exponentially more difficult. -- Tilghman ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security issue
On Mon, 9 Feb 2009, Geraint Lee wrote: what about something along the lines of... iptables . Well, whatever, but this isn't an answer to my question and I'm still curious as to how the hackers are breaking usernames and passwords, as I have servers which I can't firewall and if there is some sort of vulnerability, I want to know about it. Or did the OP just pick stupidly easily guessable username and password combinations? Gordon Cheers 2009/2/9 Gordon Henderson gordon+aster...@drogon.netgordon%2baster...@drogon.net On Fri, 6 Feb 2009, oumar ndiaye wrote: Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? I'm curious about hackers getting in when you have username and passwords set. How are they cracking the passwords in the first place? Gordon ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security issue
What distribution are you using? Below is a tutorial from the ubuntu site but it should give you the basics of setting up iptables rules. I have created custom rules for all my servers and the amount of junk traffic has been dramatically reduced. Good Luck!! https://help.ubuntu.com/community/IptablesHowTo Jim Eric Fort wrote: use IP tables and start with deny all. Follow this by allowing only the protocols/ports you want and only the source/destination ip's you wish to allow. these can be combined to say allow ssh from anywhere but only allow sip (and it's range of ports) to/from a very limited set of ip's belonging to say your ITSP. for users that move about a bunch they can use vpn to an allowed subnet. Eric On Sat, Feb 7, 2009 at 5:47 PM, oumar ndiaye ondi...@antg.com wrote: David, Thanks in advance. Where do I change the user/peers definition? Is it in the firewall of the OS? In that case that won't work because the server host other services such as ssh http that are open to any IP as long as the user has the correct credentials. Doesn't asterisk itself has built in security filters? If the only choice is to do in the OS's firewall, then I will need to include the port numbers of SIP, IAX in my firewall rules. In this case, which ports should I block to keep unwanted SIP/IAX connections from specific IP's. Thanks. On Sat, Feb 7, 2009 at 9:29 AM, David fire ddf...@gmail.com wrote: you have many options but you should use it together. firewall in the user/peers definitions add host=ip and/or deny=0.0.0.0/0.0.0.0 permit=ip/mask change the ip of your server. use something like ossec to avoid force brute. David 2009/2/6 oumar ndiaye ond4...@gmail.com Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? Thanks. ond ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- (\__/) (='.'=)This is Bunny. Copy and paste bunny into your ()_()signature to help him gain world domination. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Oumar Ndiaye CTO ANTG Telecom www.antg.com ondi...@antg.com ondi...@alum.mit.edu ond4...@gmail.com Tel: +1-919-291-8742 ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security issue
denay permit are in sip.conf and iax.conf David 2009/2/7 oumar ndiaye ondi...@antg.com David, Thanks in advance. Where do I change the user/peers definition? Is it in the firewall of the OS? In that case that won't work because the server host other services such as ssh http that are open to any IP as long as the user has the correct credentials. Doesn't asterisk itself has built in security filters? If the only choice is to do in the OS's firewall, then I will need to include the port numbers of SIP, IAX in my firewall rules. In this case, which ports should I block to keep unwanted SIP/IAX connections from specific IP's. Thanks. On Sat, Feb 7, 2009 at 9:29 AM, David fire ddf...@gmail.com wrote: you have many options but you should use it together. firewall in the user/peers definitions add host=ip and/or deny=0.0.0.0/0.0.0.0 permit=ip/mask change the ip of your server. use something like ossec to avoid force brute. David 2009/2/6 oumar ndiaye ond4...@gmail.com Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? Thanks. ond ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- (\__/) (='.'=)This is Bunny. Copy and paste bunny into your ()_()signature to help him gain world domination. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Oumar Ndiaye CTO ANTG Telecom www.antg.com ondi...@antg.com ondi...@alum.mit.edu ond4...@gmail.com Tel: +1-919-291-8742 ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- (\__/) (='.'=)This is Bunny. Copy and paste bunny into your ()_()signature to help him gain world domination. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security issue
you have many options but you should use it together. firewall in the user/peers definitions add host=ip and/or deny=0.0.0.0/0.0.0.0 permit=ip/mask change the ip of your server. use something like ossec to avoid force brute. David 2009/2/6 oumar ndiaye ond4...@gmail.com Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? Thanks. ond ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- (\__/) (='.'=)This is Bunny. Copy and paste bunny into your ()_()signature to help him gain world domination. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security issue
David, Thanks in advance. Where do I change the user/peers definition? Is it in the firewall of the OS? In that case that won't work because the server host other services such as ssh http that are open to any IP as long as the user has the correct credentials. Doesn't asterisk itself has built in security filters? If the only choice is to do in the OS's firewall, then I will need to include the port numbers of SIP, IAX in my firewall rules. In this case, which ports should I block to keep unwanted SIP/IAX connections from specific IP's. Thanks. On Sat, Feb 7, 2009 at 9:29 AM, David fire ddf...@gmail.com wrote: you have many options but you should use it together. firewall in the user/peers definitions add host=ip and/or deny=0.0.0.0/0.0.0.0 permit=ip/mask change the ip of your server. use something like ossec to avoid force brute. David 2009/2/6 oumar ndiaye ond4...@gmail.com Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? Thanks. ond ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- (\__/) (='.'=)This is Bunny. Copy and paste bunny into your ()_()signature to help him gain world domination. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Oumar Ndiaye CTO ANTG Telecom www.antg.com ondi...@antg.com ondi...@alum.mit.edu ond4...@gmail.com Tel: +1-919-291-8742 ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security issue
use IP tables and start with deny all. Follow this by allowing only the protocols/ports you want and only the source/destination ip's you wish to allow. these can be combined to say allow ssh from anywhere but only allow sip (and it's range of ports) to/from a very limited set of ip's belonging to say your ITSP. for users that move about a bunch they can use vpn to an allowed subnet. Eric On Sat, Feb 7, 2009 at 5:47 PM, oumar ndiaye ondi...@antg.com wrote: David, Thanks in advance. Where do I change the user/peers definition? Is it in the firewall of the OS? In that case that won't work because the server host other services such as ssh http that are open to any IP as long as the user has the correct credentials. Doesn't asterisk itself has built in security filters? If the only choice is to do in the OS's firewall, then I will need to include the port numbers of SIP, IAX in my firewall rules. In this case, which ports should I block to keep unwanted SIP/IAX connections from specific IP's. Thanks. On Sat, Feb 7, 2009 at 9:29 AM, David fire ddf...@gmail.com wrote: you have many options but you should use it together. firewall in the user/peers definitions add host=ip and/or deny=0.0.0.0/0.0.0.0 permit=ip/mask change the ip of your server. use something like ossec to avoid force brute. David 2009/2/6 oumar ndiaye ond4...@gmail.com Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? Thanks. ond ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- (\__/) (='.'=)This is Bunny. Copy and paste bunny into your ()_()signature to help him gain world domination. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Oumar Ndiaye CTO ANTG Telecom www.antg.com ondi...@antg.com ondi...@alum.mit.edu ond4...@gmail.com Tel: +1-919-291-8742 ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security issue
You should be able to do some sort of iptable magic to restrict incoming activity to specific IP addresses. It depends on your flavor of Linux. Google linux hardening. _ From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of oumar ndiaye Sent: Friday, February 06, 2009 3:01 PM To: asterisk-users@lists.digium.com Subject: [asterisk-users] Security issue Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP? Thanks. ond ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Security Issue in Asterisk with sip.conf configuration.
uhm, strange but does this work on your setup? even with permit and deny, if a user is not matched in the conf, it is allowed access to the default context stated in the conf. On Wed, 2004-04-28 at 16:12, James H. Thompson wrote: I think the problem is that using permit= alone does nothing. You need to combine it with a deny= as in: deny=0.0.0.0/0.0.0.0 ; deny all permit=123.123.123.123 ; allow only this address - netmask defaults to: /255.255.255.255 order matters, the deny needs to come first. for reference here is the code from acl.c that checks the rules: int ast_apply_ha(struct ast_ha *ha, struct sockaddr_in *sin) { /* Start optimistic */ int res = AST_SENSE_ALLOW; while(ha) { /* For each rule, if this address and the netmask = the net address apply the current rule */ if ((sin-sin_addr.s_addr ha-netmask.s_addr) == (ha-netaddr.s_addr) res = ha-sense; ha = ha-next; } return res; } Jim James H. Thompson [EMAIL PROTECTED] - Original Message - From: William Zhang [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 2:43 PM Subject: [Asterisk-Users] Security Issue in Asterisk with sip.conf configuration. I had tried many ways with some advanced user help, but without success(at one point I thought I had it worked). Here Asterisk is working as a SIP PSTN Gateway, and in the sip.conf file, there are a lot of entries with just host=a.b.c.d, thinking that * will only accept calls from host a.b.c.d, but in my test, no mater how you set up the sip.conf entries, either * will NOT accept calls for that user account at all, or it will accept calls from any where without VERIFYING the source IP(whether it is a.b.c.d or not), so long the sip userid is the username in sip.conf. This post a very serious security problem. Of course we can put secret= for each entries, but giving Asterisk GW and SIP proxy are in 2 TRUSTED IPs, no Authentication is neccessary, otherwise it increase the SIP traffic quite a bit. Following are the 4 different entries that I had tried: #Notice that in the general section, context is pointed to a none existant context INVALID. ; ; SIP Configuration for Asterisk ; [general] port = 5060 ; Port to bind to bindaddr = 212.213.66.68 context = INVALID ; ;srvlookup = yes; Enable SRV lookups on outbound calls ;pedantic = yes ; Enable slow, pedantic checking for Pingtel ;tos=lowdelay ;tos=184 ;maxexpirey=3600; Max length of incoming registration we allow ;defaultexpirey=120 ; Default length of incoming/outoing registration ;notifymimetype=text/plain ; Allow overriding of mime type in NOTIFY ;videosupport=yes ; Turn on support for SIP video disallow=all; Disallow all codecs allow=ulaw ; Allow codecs in order of preference allow=g729 allow=ilbc ; ;dtmfmode=info ;dtmfmode=inband dtmfmode=rfc2833 [20034] type=friend callerid=TEST 61331045 host=212.213.65.66 nat=yes; This phone may be natted canreinvite=no [20035] type=peers callerid=TEST 61331045 host=212.213.65.66 nat=yes; This phone may be natted canreinvite=no [20036] type=friend context=default callerid=TEST 61331045 host=212.213.65.66 permit=212.213.65.66 nat=yes; This phone may be natted canreinvite=no [20037] type=peers context=default callerid=TEST 61331045 permit=212.213.65.66 nat=yes; This phone may be natted canreinvite=no Thank you in advance. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users