It's been a long day and I'm at my wits end with Shoreline and Trixbox. I'm
hoping someone here can help me whip up a config that will actually work.
I have my Trixbox on the internet and am trying to secure it now. I have a SIP
trunk provider. Here's my config.
Cable modem with multiple IP
Max DiOrio wrote:
>Cable modem with multiple IPs. One goes to the ASA, one to the
>Trixbox. The ASA connects to a switch and handles the entire
>network, PCs and phones.
>
>Private lan (phones, servers, pcs, tribox) is 10.1.0.0/255.255.255.0
>
>Trixbox interface eth1 - public interface with ip
You're right. I have done all that. My problem isn't with the trixbox
setup since it was working before. I just can't get the firewall rules
set up properly.
I think I need to see someone elses config files that are similar to
mine to sort this out.
Thanks.
Max DiOrio
IT Coordinator
Univer
I don't have to support SIP so I may be out of line here, but couldn't
you enable logging on everything and see what the firewall is blocking?
--
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the
Max DiOrio wrote:
>You're right. I have done all that. My problem isn't with the trixbox
>setup since it was working before. I just can't get the firewall rules
>set up properly.
>
>I think I need to see someone elses config files that are similar to
>mine to sort this out.
All I have in my Shor
.
-Original Message-
From: Simon Hobson [mailto:li...@thehobsons.co.uk]
Sent: Tuesday, September 22, 2009 8:31 AM
To: Shorewall Users
Subject: Re: [Shorewall-users] Losing my mind after a long day
Max DiOrio wrote:
>You're right. I have done all that. My problem isn't with the trixbox
Also, tshark is a very useful tool - have a look at the packets on
the two networks. Of particular interest might be a full decode (-V
option) of the SIP packets to see what address/port Asterisk is
telling the remote system to use for RDP/
--
Simon Hobson
Visit http://www.magpiesnestpublishi
Max DiOrio wrote:
>My SIP provider is asking me to open all UDP ports, which is a huge
>security risk.
Then they are a bunch of ignorant tools !
The only ports you need to open are the signalling ports (eg 5060 for
SIP) and the ports specified in /etc/asterisk/rtp.conf - those are
the only por
to and out of the Firewall to the SIP Trunk provider's IPs.
Max
-Original Message-
From: Simon Hobson [mailto:li...@thehobsons.co.uk]
Sent: Tue 9/22/2009 2:34 PM
To: Shorewall Users
Subject: Re: [Shorewall-users] Losing my mind after a long day
Max DiOrio wrote:
>My SIP provi
On Tue, Sep 22, 2009 at 06:51:14PM -0400, Max DiOrio wrote:
> Here's my config, maybe someone can spot something that's wrong.
> rules:
> ACCEPTnet:204.11.116.47,204.11.119.47,67.242.xx.xx$FW all
> ACCEPT$FW:204.11.116.47,204.11.119.47,67.242.xx.xxnet all
The 2nd li
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Losing my mind after a long day
On Tue, Sep 22, 2009 at 06:51:14PM -0400, Max DiOrio wrote:
> Here's my config, maybe someone can spot something that's wrong.
> rules:
> ACCEPTnet:204.11.116.47,20
On Tue, 2009-09-22 at 18:51 -0400, Max DiOrio wrote:
> Still not working for me. In fact, this time it was worse. Everything stays
> registered, but this time I get no audio in either direction, and although it
> was working after I enabled the firewall, web access stopped working after a
> fe
On Tue, 2009-09-22 at 18:51 -0400, Max DiOrio wrote:
> Still not working for me. In fact, this time it was worse. Everything stays
> registered, but this time I get no audio in either direction, and although it
> was working after I enabled the firewall, web access stopped working after a
> fe
13 matches
Mail list logo
