kjcsb
2006-Nov-18 16:56 UTC
[asterisk-users] Re: Asterisk to listen for sip traffic on 80 and 5060
>I have Asterisk listening for sip traffic on port 5060. I want to allow >users to use either port 80 or 5060 if they want. Hopefully this will avoid >some firewall issues. > > Is this a sensible/crazy thing to do? I have done a bunch of searching and > believe iptables can help but haven't been able to find an example to > forward something from 80 to 5060 inbound and outbound where iptables is > running on the same machine as Asterisk. Is iptables the best way to do it > (without other hardware) or is there an alternative? If anyone has used > iptables to do this would you be willing to share the setup? > > Would something like ths work for inbound?: > iptables -t nat -A PREROUTING -p udp --dport 80 --sport 1024:65535 -j > DNAT --to 127.0.0.1:5060 > > iptables -A FORWARD -p udp -d 1270.0.1 \ > --dport 5060 -m state --state NEW -j ACCEPT > > iptables -A FORWARD -t filter -m state \ > --state NEW,ESTABLISHED,RELATED -j ACCEPT > > What about outbound? > > Alternatively is there a better option? > > Any suggestions appreciated. > > Regards > > Cameron
Leo Ann Boon
2006-Nov-18 17:44 UTC
[asterisk-users] Re: Asterisk to listen for sip traffic on 80 and 5060
kjcsb wrote:> > >> I have Asterisk listening for sip traffic on port 5060. I want to >> allow users to use either port 80 or 5060 if they want. Hopefully >> this will avoid some firewall issues. >>If you're think that by sending SIP on port 80 will fool the firewall into thinking it's HTTP traffic, then I'd suggest you look elsewhere. For a start, most firewalls only allow HTTP on TCP/80 not UDP/80. Leo