asterisk users - Jun 2003 - Firewalling, Ports and rtp.conf..

Hi,

Am I correct in this..

I want to setup IPTABLES to protect my * box..

The default rtp.conf defines that * will use ports 10000 to 20000..

IAX listens on 5036..

SIP listens on 5060..

I am assuming all ports used by * are UDP..

So I am planning on setting my server to block all inbound traffic except UDP
ports 5060, 5036 and 10000-20000..

Am I leaving anything out??

Thanks..
-- 
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr

Powered by Outblaze

Friday, June 20, 2003, 3:22:20 PM, you wrote:

W> Received: from localhost.localdomain ([216.207.245.21]) by niumidia.it (
IA Mail Server Version: 3.2.1. Build: 1083 ) ) ; Fri, 20 Jun 2003 15:48:53 +0100
W> Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
W>         by localhost.localdomain (8.12.5/8.12.5) with ESMTP id
h5KDb9Cs014431;
W>         Fri, 20 Jun 2003 08:37:09 -0500
W> Received: from spf13.us4.outblaze.com (205-158-62-67.outblaze.com
[205.158.62.67])
W>         by localhost.localdomain (8.12.5/8.12.5) with ESMTP id
h5KDaWCs014425
W>         for <asterisk-users@lists.digium.com>; Fri, 20 Jun 2003
08:36:32 -0500
W> Received: from 205-158-62-68.outblaze.com (205-158-62-68.outblaze.com
[205.158.62.68])
W>         by spf13.us4.outblaze.com (Postfix) with QMQP id 71FAF1899700
W>         for <asterisk-users@lists.digium.com>; Fri, 20 Jun 2003
13:21:02 +0000 (GMT)
W> Received: (qmail 22208 invoked from network); 20 Jun 2003 13:21:02 -0000
W> Received: from unknown (HELO ws5-7.us4.outblaze.com) (205.158.62.156)
W>   by 205-158-62-153.outblaze.com with SMTP; 20 Jun 2003 13:21:02 -0000
W> Received: (qmail 31924 invoked by uid 1001); 20 Jun 2003 13:22:20 -0000
W> Message-ID: <20030620132220.31923.qmail@linuxmail.org>
W> Content-Type: text/plain; charset="iso-8859-1"
W> Content-Disposition: inline
W> Content-Transfer-Encoding: 7bit
W> MIME-Version: 1.0
W> X-Mailer: MIME-tools 5.41 (Entity 5.404)
W> Received: from [81.3.115.188] by ws5-7.us4.outblaze.com with http for
W>     wipeout@linuxmail.org; Fri, 20 Jun 2003 13:22:20 +0000
W> From: "WipeOut ." <wipeout@linuxmail.org>
W> To: asterisk-users@lists.digium.com
W> X-Originating-Ip: 81.3.115.188
W> X-Originating-Server: ws5-7.us4.outblaze.com
W> Subject: [Asterisk-Users] Firewalling, Ports and rtp.conf..
W> Sender: asterisk-users-admin@lists.digium.com
W> Errors-To: asterisk-users-admin@lists.digium.com
W> X-BeenThere: asterisk-users@lists.digium.com
W> X-Mailman-Version: 2.0.13
W> Precedence: bulk
W> Reply-To: asterisk-users@lists.digium.com
W> List-Unsubscribe:
<http://lists.digium.com/mailman/listinfo/asterisk-users>,
W>        
<mailto:asterisk-users-request@lists.digium.com?subject=unsubscribe>
W> List-Id: Asterisk Users Mailing List
<asterisk-users.lists.digium.com>
W> List-Post: <mailto:asterisk-users@lists.digium.com>
W> List-Help:
<mailto:asterisk-users-request@lists.digium.com?subject=help>
W> List-Subscribe:
<http://lists.digium.com/mailman/listinfo/asterisk-users>,
W>        
<mailto:asterisk-users-request@lists.digium.com?subject=subscribe>
W> List-Archive: <http://lists.digium.com/pipermail/asterisk-users/>
W> Date: Fri, 20 Jun 2003 13:22:20 +0000

W> Hi,

W> Am I correct in this..

W> I want to setup IPTABLES to protect my * box..

W> The default rtp.conf defines that * will use ports 10000 to 20000..

W> IAX listens on 5036..

W> SIP listens on 5060..

W> I am assuming all ports used by * are UDP..

W> So I am planning on setting my server to block all inbound traffic except
UDP ports 5060, 5036 and 10000-20000..

W> Am I leaving anything out??

W> Thanks..


but why you wanna protect your * box in this wey?
it should be with a provate IP address afther a firewall so from
outside nobody should attack your box...
and if you need connectivity with other networks you should use
VPN's...

BTW, the port that you wrote are what you need :)

regards