Please, Advice on Asterisk Security!


Postby ramonvel » Wed May 02, 2007 8:01 am

I'm setting up a SIP trunk with Bandwidth and I just received the following email:

"* IP Address of your gateway:
(This is the IP Address of your IAD or PBX)

* This must be a public NON-NATTED IP Address. If you use a private or NATTED address the service will not work."


Can somebody tell me if there is a way around it? Otherwise, advice on Asterisk security, iptables, etc., with the PBX temporarily exposed to the internet (NO firewall protecting it).

Thanks,
Ray

Postby aster1 » Wed May 02, 2007 8:35 am

I don't get why you used SECURITY in the thread topic :P

Some providers require that your server has a public IP so they can allow calls only from that single IP address. As far as the NAT part goes, if you have a public IP and your ports are not blocked by your ISP, then you can port forward on your router/modem or whatever device has that IP assigned.

Postby ramonvel » Wed May 02, 2007 11:13 pm

I have a Cisco PIX firewall... Any recommendation on the setup?
Ray

Postby gardo » Thu May 03, 2007 9:21 am

Just do port forwarding from your Cisco firewall to your Asterisk box.
These are the default ports:

4569 udp - iax
5060 udp - sip
10000 to 20000 udp - rtp
http://goautodial.com
Empowering the next generation contact centers

Postby diyanat » Fri May 04, 2007 7:17 am

The security depends more on how you configure your Linux box and network.

The following might help:

1) put a firewall in front of your box and do port forwarding as gardo said, or

2) if you need to keep the Linux box on a public IP, add a second NIC (eth1) to your Linux box on a local IP, bind all TCP services (http, https, ssh, etc.) to eth1 only, bind MySQL to localhost, stop services that are not needed, configure iptables to allow only the UDP ports below on eth0, and keep your agents on local IPs; Asterisk should bind to 0.0.0.0 (listen on all interfaces).

Configure iptables to allow the following ports on eth0 (public IP):

sip - 5060 UDP
iax - 4569 UDP
rtp - 10000-20000 UDP

Configure iptables to allow the following ports on eth1, or you can make eth1 trusted:

sip - 5060 UDP
iax - 4569 UDP
rtp - 10000-20000 UDP
http - 80 TCP
https - 443 TCP
ssh - 22 TCP
mysql - 3306 TCP if you are load balancing, or bind MySQL to localhost if using a single server

3) join a mailing notification list for your OS and regularly update all packages and Asterisk whenever a security notification is released

4) monitor and check your system logs regularly; use a log checker that emails you reports on system activity

5) last but not least, learn how to secure your box

http://tldp.org/HOWTO/Security-HOWTO/


Regards

Diyanat
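The iptables policy from item 2 above, written out as an added example (this script is not from the thread or from any Asterisk project). It keeps the post's layout: eth0 carries the public, non-NATed address and eth1 is the trusted LAN. Two things are assumptions of the example rather than statements from the post: the provider's SIP/IAX host is represented by the constructed TEST-NET-3 address 203.0.113.10 (substitute the addresses your trunk provider actually signals from), and inbound SIP/IAX on the public side is restricted to those hosts instead of being open to every source, since the provider itself says it only talks to one fixed IP. The RTP range stays open on the public side exactly as the post lists it, because the remote media endpoint is negotiated per call.

```shell
#!/bin/sh
# Added example, not code from the thread: generate (and optionally apply) the iptables
# INPUT policy for an Asterisk box with eth0 on the public IP and eth1 on the trusted LAN.
# Assumptions not stated in the post: the provider's SIP host is 203.0.113.10 (a constructed
# TEST-NET-3 address), and public-side SIP/IAX is limited to that host rather than left open.

PUB_IF="${PUB_IF:-eth0}"               # interface carrying the public, non-NATed address
LAN_IF="${LAN_IF:-eth1}"               # second NIC on the local network (agents, admin access)
SIP_PEERS="${SIP_PEERS:-203.0.113.10}" # constructed sample: space-separated provider SIP/IAX hosts
RTP_RANGE="${RTP_RANGE:-10000:20000}"  # iptables writes port ranges with ':' rather than '-'
IPT="${IPT:-iptables}"                 # set IPT=echo to print the commands instead of running them

# Emit one iptables command per line; nothing is executed in this function.
gen_rules() {
    # Clean INPUT chain, default-deny on INPUT and FORWARD. OUTPUT stays open so Asterisk
    # can register with the trunk and place outbound calls.
    echo "$IPT -F INPUT"
    echo "$IPT -P INPUT DROP"
    echo "$IPT -P FORWARD DROP"
    echo "$IPT -A INPUT -i lo -j ACCEPT"
    # Replies to the box's own traffic (DNS, package updates, outbound SIP) come back on any interface.
    echo "$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Public side: only the VoIP UDP ports. Signalling is limited to the provider's hosts;
    # RTP must stay open across the whole range because the media endpoint is negotiated per call.
    for peer in $SIP_PEERS; do
        echo "$IPT -A INPUT -i $PUB_IF -p udp -s $peer --dport 5060 -j ACCEPT"
        echo "$IPT -A INPUT -i $PUB_IF -p udp -s $peer --dport 4569 -j ACCEPT"
    done
    echo "$IPT -A INPUT -i $PUB_IF -p udp --dport $RTP_RANGE -j ACCEPT"

    # Trusted side: VoIP plus the TCP management services that are bound to eth1 only.
    for port in 5060 4569 "$RTP_RANGE"; do
        echo "$IPT -A INPUT -i $LAN_IF -p udp --dport $port -j ACCEPT"
    done
    for port in 22 80 443; do
        echo "$IPT -A INPUT -i $LAN_IF -p tcp --dport $port -j ACCEPT"
    done
    # MySQL (3306) is deliberately absent: on a single server it is bound to localhost, per item 2.

    # Log what the public side drops, rate-limited, so the log checker from item 4 can report scans.
    echo "$IPT -A INPUT -i $PUB_IF -m limit --limit 5/min -j LOG --log-prefix ast-drop:"
}

# Run the generated commands, stopping at the first failure so a typo cannot leave a half-built policy.
apply_rules() {
    gen_rules | while IFS= read -r cmd; do
        eval "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# Review helper: prints any public-side TCP rules. A policy matching the post has none, so output is empty.
public_allows_tcp() {
    gen_rules | grep -- "-i $PUB_IF -p tcp" || true
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
else
    gen_rules
fi
```

Run it without arguments to review the rules, then `sh asterisk-fw.sh --apply` as root from the console or over an eth1 session (the `-F INPUT` momentarily removes the ESTABLISHED rule, so do not apply it over a connection that arrives via eth0). The rules only do what the post asks of the firewall; the "bind TCP services to eth1 only" half of item 2 still has to be done in each daemon's own configuration, for example `ListenAddress` in sshd_config, `Listen` in the Apache configuration, and `bind-address = 127.0.0.1` in my.cnf, and you should confirm the result with `netstat -lnp` before exposing eth0.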

