wardmundy
(Moving this discussion from the Nerd Vittles article to the forum...)
I don't understand your reply. Assume a stock install of PIAF which sits behind a hardware router/firewall with all ports blocked. I add a trunk to Vitelity. Outbound calls/traffic work, inbound calls/traffic don't because of the blocked ports. I open up 1 port, 5060, for SIP, to allow inbound traffic from Vitelity. This traffic hits the hardware router/firewall and is port-forwarded/NAT'd to my PIAF box. This PIAF server is now "open to the internet" on 5060 and thus susceptible to SIP-based tomfoolery (although this is NAT'd traffic we're talking about).
When you open and redirect a port on your firewall, it's not just for NAT. It allows all traffic on that port.
I may be reading your article incorrectly, but in it you say that allowing SIP access to your PIAF server is "a bad idea." How is it possible to run a PBX without opening ports for the SIP protocol?
First, all firewalls are not created equal. Some handle SIP and NAT correctly. Others don't. Some support an Application Level Gateway (ALG). Others don't. And some improperly implement ALG so it doesn't work in various NAT combinations. Our article identifies some D-Link firewalls that we have found to work reliably with no firewall ports mapped to your server. In layman's terms, think of a SIP conversation as being similar to a session with your web browser. When you visit a web site and the site returns data to your PC, you don't need to poke a hole in your firewall to get the page to display. Same should hold true when you have a registered connection with Vitelity. If not, your firewall isn't handling NAT correctly.
Regarding my 2nd post on the article page: For what it's worth my post was visible after I posted it...but disappeared from your site then mysteriously appeared again after asking if my post was removed. I'm sure you have better things to do than moderate...
You're correct. We do have better things to do than moderate comments. But it's one of the necessary evils in running a successful blog unless you want everyone reading about Viagra and poker web sites ad nauseam. So... comments on Nerd Vittles are and will continue to be moderated to eliminate spam. That means that the site shows you your post to confirm that it was received. But it is not visible to others until we approve it. Your original comment was written at 10:30 p.m. last night. We were asleep! We didn't check the site until this morning at which time your post was approved... and appeared.
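
The difference between a session opened by the PBX's own outbound registration and a statically forwarded port, as an added example that is not part of the original post: a toy Python model of a port-preserving, address-restricted NAT firewall. The addresses, the 60-second UDP timeout and the `NatFirewall` class are assumptions made for illustration, not any vendor's behaviour.

```python
# Added illustration: toy model of a stateful NAT firewall (not a real firewall API).
# All addresses are constructed, documentation-range values.
from dataclasses import dataclass, field

PBX = ("192.168.1.10", 5060)        # PBX behind the firewall
PROVIDER = ("203.0.113.10", 5060)   # stands in for the SIP provider
SCANNER = ("198.51.100.77", 5060)   # unrelated Internet host


@dataclass
class NatFirewall:
    udp_timeout: int = 60                          # seconds a mapping stays alive (assumed)
    forwards: dict = field(default_factory=dict)   # wan_port -> internal (ip, port)
    state: dict = field(default_factory=dict)      # (wan_port, remote) -> (internal, expiry)

    def outbound(self, src, dst, now):
        """PBX sends a packet (e.g. REGISTER); create or refresh the mapping."""
        self.state[(src[1], dst)] = (src, now + self.udp_timeout)

    def inbound(self, remote, wan_port, now):
        """Return the internal host that receives the packet, or None if dropped."""
        entry = self.state.get((wan_port, remote))
        if entry and now <= entry[1]:
            return entry[0]                  # reply on a live outbound session
        return self.forwards.get(wan_port)   # a static forward matches ANY source


def demo():
    results = {}
    fw = NatFirewall()
    fw.outbound(PBX, PROVIDER, now=0)        # registration leaves the LAN at t=0
    results["provider_reply"] = fw.inbound(PROVIDER, 5060, now=30)
    results["scanner_no_forward"] = fw.inbound(SCANNER, 5060, now=30)
    results["provider_after_timeout"] = fw.inbound(PROVIDER, 5060, now=120)
    fw.forwards[5060] = PBX                  # now map port 5060 to the PBX
    results["scanner_with_forward"] = fw.inbound(SCANNER, 5060, now=30)
    return results


if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:24} -> {target}")
```

The `provider_after_timeout` case shows the failure mode with no forward in place: if the PBX does not send traffic to the provider before the mapping ages out, the provider's next inbound packet is dropped.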