Hello List. I am puzzled and how asterisk listens to calls or connections from clients. When I do a netstat -nat I don't see asterisk listening on port 5060. Now, I'm testing a server with three network interfaces: two to the internet doing load balancing and the other to our LAN. I would like asterisk to only accept connections coming from our LAN but, can't find where to configure this. I know I can do it with iptables and block incoming connections to ports 5060-5070 from the internet but, wondering if it can be confiruged in asterisk. Thanks.
At 2:50 PM on 16 Feb 2010, Landy Landy wrote:> Hello List. > > I am puzzled and how asterisk listens to calls or connections from > clients. When I do a netstat -nat I don't see asterisk listening on > port 5060. Now, I'm testing a server with three network interfaces: > two to the internet doing load balancing and the other to our LAN. > I would like asterisk to only accept connections coming from our LAN > but, can't find where to configure this.Set bindaddr in sip.conf. -- C. Chad Wallace, B.Sc. The Lodging Company http://www.lodgingcompany.com/ OpenPGP Public Key ID: 0x262208A0 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: not available Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20100216/987dfd3c/attachment.pgp
On Tue, 16 Feb 2010, Landy Landy wrote:> I am puzzled and how asterisk listens to calls or connections from > clients. When I do a netstat -nat I don't see asterisk listening on port > 5060.man netstat. See what -t means.> Now, I'm testing a server with three network interfaces: two to the > internet doing load balancing and the other to our LAN. I would like > asterisk to only accept connections coming from our LAN but, can't find > where to configure this. > > I know I can do it with iptables and block incoming connections to ports > 5060-5070 from the internet but, wondering if it can be confiruged in > asterisk.See http://www.voip-info.org/wiki/index.php?page=Asterisk+config+sip.conf Search for "bindaddr." -- Thanks in advance, ------------------------------------------------------------------------- Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000
> I am puzzled and how asterisk listens to calls or connections from > clients. When I do a netstat -nat I don't see asterisk listening on port > 5060.That is because you need to do 'netstat -nau'. Only very recently Asterisk has learned to do SIP over TCP. Philipp
Hi!> I know I can do it with iptables and block incoming connections to > ports 5060-5070 from the internet but, wondering if it can be > confiruged in asterisk.Iptables would be the right place, though. Still: Look at 'permit'/'deny' in sip.conf, or use dialplan magic to check on IP addresses (f.e. SIPCHANINFO, SIPPEER). And of course have a look at 'bindaddress' in sip.conf. Philipp
On Tue, Feb 16, 2010 at 5:26 PM, Steve Edwards <asterisk.org at sedwards.com>wrote:> > See http://www.voip-info.org/wiki/index.php?page=Asterisk+config+sip.conf > > Search for "bindaddr." > > -- > Thanks in advance, > ------------------------------------------------------------------------- > Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST > Newline Fax: +1-760-731-3000 > >Or "udpbindaddr" for 1.6.2+...also, "tcpbindaddr", "tlsbindaddr" if you plan on adding TCP/TLS SIP support to asterisk. -- Thanks, --Warren Selby http://www.selbytech.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100216/051787f7/attachment.htm
> See http://www.voip-info.org/wiki/index.php?page=Asterisk+config+sip.conf > > > > Search for "bindaddr." > Or "udpbindaddr" for 1.6.2+...also, > "tcpbindaddr", "tlsbindaddr" if you plan > on adding TCP/TLS SIP support to asterisk. >Thanks to everyone who replied for clarifying.