Change Asterisk Port and Bindings

General and Support topics relating to ViciDialNow and GoAutoDial ISO installers

Moderators: enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, s0lid

Change Asterisk Port and Bindings

Postby Rubal » Mon Mar 11, 2013 4:41 pm

Hi

I am planning to change asterisk port and bindings from 0.0.0.0 to just internal IP. When I make the change for bindings to internal IP I am unable to make any calls. I think this is because of VOIP trunks cant connect to the internal IPs and I need to NAT some ports from external IP to internal. Could anyone advise me what are the changes required on the firewall so we can make calls. Also I'ld just like to allow this for the ips I specify to keep attackers away.

Kindly advise.

Thanks
Rubal
 
Posts: 16
Joined: Mon Jun 27, 2011 2:09 pm

Re: Change Asterisk Port and Bindings

Postby williamconley » Mon Mar 11, 2013 5:12 pm

1) Welcome to the Party! 8-)

2) Newbie suggestions:

when you post, please post your entire configuration including (but not limited to) your installation method and vicidial version with build.

this IS a requirement for posting along with reading the stickies (at the top of each forum) and the manager's manual (available on EFLO.net, both free and paid versions)

You should also post: Asterisk version, telephony hardware (model number is helpful here), cluster information if you have one, and whether any other software is installed in the box. If your installation method is "from scratch" you must post your operating system and should also post the .iso version from which you installed your original operating system. If your installation is "Hosted" list the site name of the host.

If this is a "Cloud" or "Virtual" server, please note the technology involved along with the version of that techology (ie: VMware Server Version 2.0.2). If it is not, merely stating the Motherboard model # and CPU would be helpful.

Similar to This:

Vicibox X.X from .iso | Vicidial X.X.X-XXX Build XXXXXX-XXXX | Asterisk X.X.X | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel DG35EC | Core2Quad Q6600

3) WHY are you doing this? If it is for security purposes, try this: viewtopic.php?f=4&t=27329

4) Does your server indeed have two IPs? (Internal and external?) If so, perhaps you should bind to more than one IP ... also have a look at the 127.0.0.1 IP and other possibilites ...

5) Where are you making the change for the binding configuration?

6) What do you refere to as the "asterisk port"? There is no "asterisk port" per se. There are mutliple ports for SIP and IAX (which are protocols that asterisk speaks ...) plus asterisk manager ports (AMI) ...
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Change Asterisk Port and Bindings

Postby Rubal » Mon Mar 11, 2013 5:21 pm

2) GAD 2.1 CE from the iso. Single Server Setup. No Digium/Sangoma Hardware. No Extra Software After Installation.
3) Looks interesting. WIll evaluate.
4) Yes, 2 IPs.. One LAN and One WAN. I want to bind it only to LAN IP and allow only certain IPs from WAN to LAN along with all required ports.
5) From GAD admin interface.
6) Want to change 5060 sip port to something like 995060
Rubal
 
Posts: 16
Joined: Mon Jun 27, 2011 2:09 pm

Re: Change Asterisk Port and Bindings

Postby williamconley » Mon Mar 11, 2013 5:41 pm

Better to leave the ports alone and whitelist those allowed to access the system via the firewall. Then you'll spend less time "reinventing SIP" and have a locked down system.

FYI: There are vulnerabilities all over these packages. Many have been patched, many have not, many have not been discovered but will be next week. But if the only people allowed to send/receive packets over the internet to your system are those specifically allowed by you ... your odds on a hack are dropped to a tiny fraction of a fraction of a percent. That being said: We've only had one system broken into after installing DGG, and that was done from inside the local subnet (ie: physically in the building). I can't fix that. LOL
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Change Asterisk Port and Bindings

Postby gardo » Fri Mar 15, 2013 6:55 pm

I agree with William. Better lock down your system via IPTABLES (firewall) and install fail2ban as an add-on.
http://goautodial.com
Empowering the next generation contact centers
gardo
 
Posts: 1926
Joined: Fri Sep 15, 2006 10:24 am
Location: Manila, 1004


Return to ViciDialNow - GoAutoDial

Who is online

Users browsing this forum: No registered users and 58 guests