LesD
PIAF Installed Version = 2.0.6.3 under *VIRTUALBOX*
│ FreePBX Version = 2.11.0.11
│ Running Asterisk Version = 1.8.18.0
│ Operating System = CentOS release 6.3 (Final)
│ Kernel Version = 2.6.32-279.14.1.el6.i686 - 32 Bit
I have noticed entries in the log like
Code:
[2013-12-07 19:49:23] NOTICE[1846] chan_sip.c: Registration from '"22526" <sip:[email protected]:5060>' failed for '79.143.188.22:5088' - No matching peer found
[2013-12-07 19:51:12] NOTICE[1846] chan_sip.c: Registration from '"43670" <sip:[email protected]:5060>' failed for '79.143.188.22:5071' - No matching peer found
[2013-12-07 19:55:29] NOTICE[1846] chan_sip.c: Sending fake auth rejection for device 88<sip:[email protected]>;tag=c256b796
and Fail2Ban has been blocking IPs, so I have reviewed my firewall settings and would appreciate some guidance as to what I should have open and what not.
I use a DrayTek 2850 router/firewall.
I have no external phones connected to the system.
I have various SIP trunks (the main one being a Sipgate.co.uk trunk) and one Anveo trunk set up following advice from this forum.
My firewall settings are:
Open ports: UDP 5060 and UDP 10000-20000
Firewall Rules:
1: Source IP: Anveo SIP POPS; Service Type: SIP; Pass Immediately
2: Source IP: Any; Service Type: SIP; Block Immediately
Anveo SIP POPS is the list of five IPs belonging to Anveo
Service Type SIP is defined as UDP/TCP ports 5060 and 10000-20000
As far as I can see the above should only let through traffic on the open ports if coming from Anveo.
If I close the open ports 5060 and 10000-20000 I get:
- Incoming Anveo calls do not ring - as expected.
- Incoming calls to my Sipgate trunk result in one way sound - Far end cannot hear me.
Unless I open 5060 there is only one way sound.
There is a double question here: first, why do I need 5060 open for the Sipgate trunk, and second, if I do open it, how does it help, as it should be stopped by my firewall settings?
The conclusion to my second question is that the firewall setting is not working properly which in turn answers how these probes are getting through.
I need to get to the bottom of why the firewall is not blocking properly, but why am I getting one way sound if 5060 is closed?
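One way to test whether the router rule is actually filtering, added here as an example and not part of the original post: parse the chan_sip registration failures in the format quoted above and count every source address outside the trunk allow-list. The allow-list network and the sample log lines are constructed placeholders (documentation-range addresses), and the function name is hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Assumption: placeholder allow-list standing in for the trunk provider's
# signalling addresses (documentation range, not real provider IPs).
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/29")]

# chan_sip failed-registration notice, in the format shown in the post.
REG_FAIL = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'(?P<from>.*)' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)'"
    r" - (?P<reason>.+)$"
)

# Constructed sample lines; every address here is a documentation address.
SAMPLE_LOG = """\
[2013-12-07 19:49:23] NOTICE[1846] chan_sip.c: Registration from '"22526" <sip:22526@198.51.100.10:5060>' failed for '203.0.113.22:5088' - No matching peer found
[2013-12-07 19:51:12] NOTICE[1846] chan_sip.c: Registration from '"43670" <sip:43670@198.51.100.10:5060>' failed for '203.0.113.22:5071' - No matching peer found
[2013-12-07 19:53:40] NOTICE[1846] chan_sip.c: Registration from '"trunk" <sip:trunk@198.51.100.10:5060>' failed for '192.0.2.3:5060' - Wrong password
[2013-12-07 19:55:29] NOTICE[1846] chan_sip.c: Sending fake auth rejection for device 88<sip:88@198.51.100.10>;tag=c256b796
"""


def unexpected_sources(log_text, allowed=ALLOWED_SOURCES):
    """Count failed registrations per source IP that is outside the allow-list."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REG_FAIL.match(line)
        if not m:
            continue  # e.g. "Sending fake auth rejection" carries no source IP
        try:
            src = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # octet out of range: not a usable address
        if not any(src in net for net in allowed):
            hits[str(src)] += 1
    return hits


if __name__ == "__main__":
    for ip, count in unexpected_sources(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} failed registrations from outside the allow-list")
```

Any address this reports reached Asterisk on the SIP port even though the "Block Immediately" rule should have dropped it, which is direct evidence that the filter is not being applied to the forwarded traffic.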