Hi, I have been given the task to allow in my firewall to permit VOIP connections. The person gave me the ports 5060 and 5061 TCP and UDP. Im using RedHat enterpise with shorewall-2.0.13-1 I did the following: ACCEPT loc net tcp 5060 ACCEPT loc net tcp 5061 ACCEPT loc net udp 5060 ACCEPT loc net udp 5061 ACCEPT net loc tcp 5060 ACCEPT net loc tcp 5061 ACCEPT net loc udp 5060 ACCEPT net loc udp 5061 The shorewall machine act as a firewall between the LAN and the Internet. The VOIP server is in the LAN as well as a bunch of extensions. However there are 6 extensions on the Internet side. Is there anything else I should allow for SIP traffic? -- ------------------------------------------------------------ Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama, Republica de Panama Cel Panama. +(507) 6694-4780 ------------------------------------------------------------ ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
On Sat, Jul 29, 2006 at 10:06am Erick Perez <eaperezh@gmail.com> wrote:> I did the following: > ACCEPT loc net tcp 5060 ACCEPT loc net tcp 5061 > ACCEPT loc net udp 5060 ACCEPT loc net udp 5061 > > ACCEPT net loc tcp 5060 ACCEPT net loc tcp 5061 > ACCEPT net loc udp 5060 ACCEPT net loc udp 5061Be sure to review Shorewall FAQ 30 relative to the rules above. -Tom -- Tom Eastep \\ Nothing is foolproof to a sufficiently talented fool Shoreline, \\ http://shorewall.net Washington USA \\ teastep@avvanta.com ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Erick Perez wrote:> Hi, I have been given the task to allow in my firewall to permit VOIP > connections. > The person gave me the ports 5060 and 5061 TCP and UDP. > Im using RedHat enterpise with shorewall-2.0.13-1 > > I did the following: > > ACCEPT loc net tcp 5060 > ACCEPT loc net tcp 5061 > ACCEPT loc net udp 5060 > ACCEPT loc net udp 5061 > > ACCEPT net loc tcp 5060 > ACCEPT net loc tcp 5061 > ACCEPT net loc udp 5060 > ACCEPT net loc udp 5061 > > The shorewall machine act as a firewall between the LAN and the > Internet. The VOIP server is in the LAN as well as a bunch of > extensions. However there are 6 extensions on the Internet side. > > Is there anything else I should allow for SIP traffic?yes just a few hundred:-( all of those port included in the /etc/asterisk/rtp.conf usualy upd 10000:10500 or 10000:20000 :-((( ot you use iax2 phones and only udp 4569. -- Levente "Si vis pacem para bellum!" ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
On Sunday 30 July 2006 10:17 am, Farkas Levente wrote:> Erick Perez wrote: > > Hi, I have been given the task to allow in my firewall to permit VOIP > > connections. > > The person gave me the ports 5060 and 5061 TCP and UDP. > > Im using RedHat enterpise with shorewall-2.0.13-1 > > > > I did the following: > > > > ACCEPT loc net tcp 5060 > > ACCEPT loc net tcp 5061 > > ACCEPT loc net udp 5060 > > ACCEPT loc net udp 5061 > > > > ACCEPT net loc tcp 5060 > > ACCEPT net loc tcp 5061 > > ACCEPT net loc udp 5060 > > ACCEPT net loc udp 5061 > > > > The shorewall machine act as a firewall between the LAN and the > > Internet. The VOIP server is in the LAN as well as a bunch of > > extensions. However there are 6 extensions on the Internet side. > > > > Is there anything else I should allow for SIP traffic? > > yes just a few hundred:-( > all of those port included in the /etc/asterisk/rtp.conf usualy upd > 10000:10500 or 10000:20000 :-((( > ot you use iax2 phones and only udp 4569.Actualy asterisk only works with UDP so you can do this rtp.con on asterisk ports from 10000 to 11000 on asterisk rules If the Asterisk server is on the firewall ACCEPT net $FW udp 5060:5061 ACCEPT net $FW udp 10000:11000 ACCEPT loc $FW udp 5060:5061 ACCEPT loc $FW udp 10000:11000 if the asterisk is on a machine outside from the shorewall firewall DNAT net loc:ip-of-the-machine udp 5060:5061 DNAT net loc:ip-of-the-machine udp 10000:11000 Hope this helps -- Fernando Rodriguez AITelecom ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Thanks all for your answers, The asterisk machine is behind the firewall. so to make the rules more clear: ACCEPT net loc udp 5060:5061 ACCEPT net loc udp 10000:11000 ACCEPT loc net udp 5060:5061 ACCEPT loc net udp 10000:11000 and i must also restrict the rule as to only allow that to/from the asterisk machine only,right?. On 7/30/06, Fernando Rodriguez <frod@aitelecom.net> wrote:> On Sunday 30 July 2006 10:17 am, Farkas Levente wrote: > > Erick Perez wrote: > > > Hi, I have been given the task to allow in my firewall to permit VOIP > > > connections. > > > The person gave me the ports 5060 and 5061 TCP and UDP. > > > Im using RedHat enterpise with shorewall-2.0.13-1 > > > > > > I did the following: > > > > > > ACCEPT loc net tcp 5060 > > > ACCEPT loc net tcp 5061 > > > ACCEPT loc net udp 5060 > > > ACCEPT loc net udp 5061 > > > > > > ACCEPT net loc tcp 5060 > > > ACCEPT net loc tcp 5061 > > > ACCEPT net loc udp 5060 > > > ACCEPT net loc udp 5061 > > > > > > The shorewall machine act as a firewall between the LAN and the > > > Internet. The VOIP server is in the LAN as well as a bunch of > > > extensions. However there are 6 extensions on the Internet side. > > > > > > Is there anything else I should allow for SIP traffic? > > > > yes just a few hundred:-( > > all of those port included in the /etc/asterisk/rtp.conf usualy upd > > 10000:10500 or 10000:20000 :-((( > > ot you use iax2 phones and only udp 4569. > > Actualy asterisk only works with UDP so you can do this > > rtp.con on asterisk > > ports from 10000 to 11000 > > on asterisk rules > > If the Asterisk server is on the firewall > > ACCEPT net $FW udp 5060:5061 > ACCEPT net $FW udp 10000:11000 > ACCEPT loc $FW udp 5060:5061 > ACCEPT loc $FW udp 10000:11000 > > if the asterisk is on a machine outside from the shorewall firewall > > DNAT net loc:ip-of-the-machine udp 5060:5061 > DNAT net loc:ip-of-the-machine udp 10000:11000 > > Hope this helps > > -- > Fernando Rodriguez > AITelecom > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net''s Techsay panel and you''ll get the chance to share your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >-- ------------------------------------------------------------ Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama, Republica de Panama Cel Panama. +(507) 6694-4780 ------------------------------------------------------------ ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Erick Perez wrote:> Thanks all for your answers, The asterisk machine is behind the firewall. > so to make the rules more clear: > ACCEPT net loc udp 5060:5061 > ACCEPT net loc udp 10000:11000 > ACCEPT loc net udp 5060:5061 > ACCEPT loc net udp 10000:11000 > > and i must also restrict the rule as to only allow that to/from the > asterisk machine only,right?. > >Yes, like: ACCEPT net loc:xxx.ip.astx.machine.xxx udp 5060:5061 Etc.> On 7/30/06, Fernando Rodriguez <frod@aitelecom.net> wrote: > >> On Sunday 30 July 2006 10:17 am, Farkas Levente wrote: >> >>> Erick Perez wrote: >>> >>>> Hi, I have been given the task to allow in my firewall to permit VOIP >>>> connections. >>>> The person gave me the ports 5060 and 5061 TCP and UDP. >>>> Im using RedHat enterpise with shorewall-2.0.13-1 >>>> >>>> I did the following: >>>> >>>> ACCEPT loc net tcp 5060 >>>> ACCEPT loc net tcp 5061 >>>> ACCEPT loc net udp 5060 >>>> ACCEPT loc net udp 5061 >>>> >>>> ACCEPT net loc tcp 5060 >>>> ACCEPT net loc tcp 5061 >>>> ACCEPT net loc udp 5060 >>>> ACCEPT net loc udp 5061 >>>> >>>> The shorewall machine act as a firewall between the LAN and the >>>> Internet. The VOIP server is in the LAN as well as a bunch of >>>> extensions. However there are 6 extensions on the Internet side. >>>> >>>> Is there anything else I should allow for SIP traffic? >>>> >>> yes just a few hundred:-( >>> all of those port included in the /etc/asterisk/rtp.conf usualy upd >>> 10000:10500 or 10000:20000 :-((( >>> ot you use iax2 phones and only udp 4569. >>> >> Actualy asterisk only works with UDP so you can do this >> >> rtp.con on asterisk >> >> ports from 10000 to 11000 >> >> on asterisk rules >> >> If the Asterisk server is on the firewall >> >> ACCEPT net $FW udp 5060:5061 >> ACCEPT net $FW udp 10000:11000 >> ACCEPT loc $FW udp 5060:5061 >> ACCEPT loc $FW udp 10000:11000 >> >> if the asterisk is on a machine outside from the shorewall firewall >> >> DNAT net loc:ip-of-the-machine udp 5060:5061 >> DNAT net loc:ip-of-the-machine udp 10000:11000 >> >> Hope this helps >> >> -- >> Fernando Rodriguez >> AITelecom >> >> ------------------------------------------------------------------------- >> Take Surveys. Earn Cash. Influence the Future of IT >> Join SourceForge.net''s Techsay panel and you''ll get the chance to share your >> opinions on IT & business topics through brief surveys -- and earn cash >> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> >> > > >------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
This one worked for me... When I natted asterisk my remote phone''s can connect and dial, but I couldn''t hear anything on the remote phone. Once I took it out from NAT and use PROXYARP instead, it worked. ACCEPT net loc:proxyarpIP udp 5004:5082 ACCEPT net loc:proxyarpIP udp 4569 ACCEPT net loc:proxyarpIP udp 2727 ACCEPT net loc:proxyarpIP udp 5060 ACCEPT net loc:proxyarpIP tcp 5060 ACCEPT net loc:proxyarpIP udp 10000:20000 If you get to worked on NAT would love to hear from you. Thanks Joshua ----- Original Message ----- From: "Alex Martin" <shorewall@rettc.com> To: "Shorewall Users" <shorewall-users@lists.sourceforge.net> Sent: Sunday, July 30, 2006 8:43 PM Subject: Re: [Shorewall-users] Shorewall and Asterisk VoIP> Erick Perez wrote: >> Thanks all for your answers, The asterisk machine is behind the firewall. >> so to make the rules more clear: >> ACCEPT net loc udp 5060:5061 >> ACCEPT net loc udp 10000:11000 >> ACCEPT loc net udp 5060:5061 >> ACCEPT loc net udp 10000:11000 >> >> and i must also restrict the rule as to only allow that to/from the >> asterisk machine only,right?. >> >> > Yes, like: > ACCEPT net loc:xxx.ip.astx.machine.xxx udp 5060:5061 > > Etc. > >> On 7/30/06, Fernando Rodriguez <frod@aitelecom.net> wrote: >> >>> On Sunday 30 July 2006 10:17 am, Farkas Levente wrote: >>> >>>> Erick Perez wrote: >>>> >>>>> Hi, I have been given the task to allow in my firewall to permit VOIP >>>>> connections. >>>>> The person gave me the ports 5060 and 5061 TCP and UDP. >>>>> Im using RedHat enterpise with shorewall-2.0.13-1 >>>>> >>>>> I did the following: >>>>> >>>>> ACCEPT loc net tcp 5060 >>>>> ACCEPT loc net tcp 5061 >>>>> ACCEPT loc net udp 5060 >>>>> ACCEPT loc net udp 5061 >>>>> >>>>> ACCEPT net loc tcp 5060 >>>>> ACCEPT net loc tcp 5061 >>>>> ACCEPT net loc udp 5060 >>>>> ACCEPT net loc udp 5061 >>>>> >>>>> The shorewall machine act as a firewall between the LAN and the >>>>> Internet. The VOIP server is in the LAN as well as a bunch of >>>>> extensions. However there are 6 extensions on the Internet side. >>>>> >>>>> Is there anything else I should allow for SIP traffic? >>>>> >>>> yes just a few hundred:-( >>>> all of those port included in the /etc/asterisk/rtp.conf usualy upd >>>> 10000:10500 or 10000:20000 :-((( >>>> ot you use iax2 phones and only udp 4569. >>>> >>> Actualy asterisk only works with UDP so you can do this >>> >>> rtp.con on asterisk >>> >>> ports from 10000 to 11000 >>> >>> on asterisk rules >>> >>> If the Asterisk server is on the firewall >>> >>> ACCEPT net $FW udp 5060:5061 >>> ACCEPT net $FW udp 10000:11000 >>> ACCEPT loc $FW udp 5060:5061 >>> ACCEPT loc $FW udp 10000:11000 >>> >>> if the asterisk is on a machine outside from the shorewall firewall >>> >>> DNAT net loc:ip-of-the-machine udp 5060:5061 >>> DNAT net loc:ip-of-the-machine udp 10000:11000 >>> >>> Hope this helps >>> >>> -- >>> Fernando Rodriguez >>> AITelecom >>> >>> ------------------------------------------------------------------------- >>> Take Surveys. Earn Cash. Influence the Future of IT >>> Join SourceForge.net''s Techsay panel and you''ll get the chance to share >>> your >>> opinions on IT & business topics through brief surveys -- and earn cash >>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV >>> _______________________________________________ >>> Shorewall-users mailing list >>> Shorewall-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/shorewall-users >>> >>> >> >> >> > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net''s Techsay panel and you''ll get the chance to share > your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
The settings on the bottom will only work if the ip adresses behind the firewall are a valid set of ip adresses but my bet is that is not, so the rules should be ACCEPT loc net udp 5060:5061 ACCEPT loc net udp 10000:11000 DNAT net loc:<ip of your asterisk box> udp 5060:5061 DNAT net loc:<ip of your asterisk box> udp 10000:11000 Cheers .. Fernando Rodriguez AITelecom -----Mensaje original----- De: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] En nombre de Alex Martin Enviado el: Domingo, 30 de Julio de 2006 10:44 p.m. Para: Shorewall Users Asunto: Re: [Shorewall-users] Shorewall and Asterisk VoIP Erick Perez wrote:> Thanks all for your answers, The asterisk machine is behind the firewall. > so to make the rules more clear: > ACCEPT net loc udp 5060:5061 > ACCEPT net loc udp 10000:11000 > ACCEPT loc net udp 5060:5061 > ACCEPT loc net udp 10000:11000 > > and i must also restrict the rule as to only allow that to/from the > asterisk machine only,right?. > >Yes, like: ACCEPT net loc:xxx.ip.astx.machine.xxx udp 5060:5061 Etc.> On 7/30/06, Fernando Rodriguez <frod@aitelecom.net> wrote: > >> On Sunday 30 July 2006 10:17 am, Farkas Levente wrote: >> >>> Erick Perez wrote: >>> >>>> Hi, I have been given the task to allow in my firewall to permit >>>> VOIP connections. >>>> The person gave me the ports 5060 and 5061 TCP and UDP. >>>> Im using RedHat enterpise with shorewall-2.0.13-1 >>>> >>>> I did the following: >>>> >>>> ACCEPT loc net tcp 5060 >>>> ACCEPT loc net tcp 5061 >>>> ACCEPT loc net udp 5060 >>>> ACCEPT loc net udp 5061 >>>> >>>> ACCEPT net loc tcp 5060 >>>> ACCEPT net loc tcp 5061 >>>> ACCEPT net loc udp 5060 >>>> ACCEPT net loc udp 5061 >>>> >>>> The shorewall machine act as a firewall between the LAN and the >>>> Internet. The VOIP server is in the LAN as well as a bunch of >>>> extensions. However there are 6 extensions on the Internet side. >>>> >>>> Is there anything else I should allow for SIP traffic? >>>> >>> yes just a few hundred:-( >>> all of those port included in the /etc/asterisk/rtp.conf usualy upd >>> 10000:10500 or 10000:20000 :-((( ot you use iax2 phones and only udp >>> 4569. >>> >> Actualy asterisk only works with UDP so you can do this >> >> rtp.con on asterisk >> >> ports from 10000 to 11000 >> >> on asterisk rules >> >> If the Asterisk server is on the firewall >> >> ACCEPT net $FW udp 5060:5061 >> ACCEPT net $FW udp 10000:11000 >> ACCEPT loc $FW udp 5060:5061 >> ACCEPT loc $FW udp 10000:11000 >> >> if the asterisk is on a machine outside from the shorewall firewall >> >> DNAT net loc:ip-of-the-machine udp 5060:5061 DNAT net >> loc:ip-of-the-machine udp 10000:11000 >> >> Hope this helps >> >> -- >> Fernando Rodriguez >> AITelecom >> >> --------------------------------------------------------------------- >> ---- Take Surveys. Earn Cash. Influence the Future of IT Join >> SourceForge.net''s Techsay panel and you''ll get the chance to share >> your opinions on IT & business topics through brief surveys -- and >> earn cash >> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DE >> VDEV _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> >> > > >------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Thanks, I will test them and report back. Will I gain something in terms of voip by updating to the latest shorewall? Im using shorewall 2.0 On 7/31/06, Fernando Rodriguez <frod@aitelecom.net> wrote:> The settings on the bottom will only work if the ip adresses behind the > firewall are a valid set of ip adresses but my bet is that is not, so the > rules should be > > ACCEPT loc net udp 5060:5061 > ACCEPT loc net udp 10000:11000 > DNAT net loc:<ip of your asterisk box> udp 5060:5061 > DNAT net loc:<ip of your asterisk box> udp 10000:11000 > > Cheers .. > > Fernando Rodriguez > AITelecom > > > -----Mensaje original----- > De: shorewall-users-bounces@lists.sourceforge.net > [mailto:shorewall-users-bounces@lists.sourceforge.net] En nombre de Alex > Martin > Enviado el: Domingo, 30 de Julio de 2006 10:44 p.m. > Para: Shorewall Users > Asunto: Re: [Shorewall-users] Shorewall and Asterisk VoIP > > Erick Perez wrote: > > Thanks all for your answers, The asterisk machine is behind the firewall. > > so to make the rules more clear: > > ACCEPT net loc udp 5060:5061 > > ACCEPT net loc udp 10000:11000 > > ACCEPT loc net udp 5060:5061 > > ACCEPT loc net udp 10000:11000 > > > > and i must also restrict the rule as to only allow that to/from the > > asterisk machine only,right?. > > > > > Yes, like: > ACCEPT net loc:xxx.ip.astx.machine.xxx udp 5060:5061 > > Etc. > > > On 7/30/06, Fernando Rodriguez <frod@aitelecom.net> wrote: > > > >> On Sunday 30 July 2006 10:17 am, Farkas Levente wrote: > >> > >>> Erick Perez wrote: > >>> > >>>> Hi, I have been given the task to allow in my firewall to permit > >>>> VOIP connections. > >>>> The person gave me the ports 5060 and 5061 TCP and UDP. > >>>> Im using RedHat enterpise with shorewall-2.0.13-1 > >>>> > >>>> I did the following: > >>>> > >>>> ACCEPT loc net tcp 5060 > >>>> ACCEPT loc net tcp 5061 > >>>> ACCEPT loc net udp 5060 > >>>> ACCEPT loc net udp 5061 > >>>> > >>>> ACCEPT net loc tcp 5060 > >>>> ACCEPT net loc tcp 5061 > >>>> ACCEPT net loc udp 5060 > >>>> ACCEPT net loc udp 5061 > >>>> > >>>> The shorewall machine act as a firewall between the LAN and the > >>>> Internet. The VOIP server is in the LAN as well as a bunch of > >>>> extensions. However there are 6 extensions on the Internet side. > >>>> > >>>> Is there anything else I should allow for SIP traffic? > >>>> > >>> yes just a few hundred:-( > >>> all of those port included in the /etc/asterisk/rtp.conf usualy upd > >>> 10000:10500 or 10000:20000 :-((( ot you use iax2 phones and only udp > >>> 4569. > >>> > >> Actualy asterisk only works with UDP so you can do this > >> > >> rtp.con on asterisk > >> > >> ports from 10000 to 11000 > >> > >> on asterisk rules > >> > >> If the Asterisk server is on the firewall > >> > >> ACCEPT net $FW udp 5060:5061 > >> ACCEPT net $FW udp 10000:11000 > >> ACCEPT loc $FW udp 5060:5061 > >> ACCEPT loc $FW udp 10000:11000 > >> > >> if the asterisk is on a machine outside from the shorewall firewall > >> > >> DNAT net loc:ip-of-the-machine udp 5060:5061 DNAT net > >> loc:ip-of-the-machine udp 10000:11000 > >> > >> Hope this helps > >> > >> -- > >> Fernando Rodriguez > >> AITelecom > >> > >> --------------------------------------------------------------------- > >> ---- Take Surveys. Earn Cash. Influence the Future of IT Join > >> SourceForge.net''s Techsay panel and you''ll get the chance to share > >> your opinions on IT & business topics through brief surveys -- and > >> earn cash > >> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DE > >> VDEV _______________________________________________ > >> Shorewall-users mailing list > >> Shorewall-users@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/shorewall-users > >> > >> > > > > > > > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s > Techsay panel and you''ll get the chance to share your opinions on IT & > business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net''s Techsay panel and you''ll get the chance to share your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >-- ------------------------------------------------------------ Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama, Republica de Panama Cel Panama. +(507) 6694-4780 ------------------------------------------------------------ ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Erick Perez wrote:> Thanks, I will test them and report back. > > Will I gain something in terms of voip by updating to the latest shorewall? > Im using shorewall 2.0 >You''ll gain a version of Shorewall that is supported (that is to say, if you find a bug then you can get it fixed). But it shouldn''t make any different WRT VOIP. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV