Server Navigation Guide.
On both the RedHat/CentOS/Fedora and Ubuntu/Debian platforms, knockd is configured in /etc/knockd.conf. Always shut down knockd before making changes, then make your changes and restart it. On RedHat systems, use service knockd stop and service knockd start. On Ubuntu, use /etc/init.d/knockd stop and /etc/init.d/knockd start. By default, knockd monitors activity on eth0. If your setup is different, on Ubuntu you'll need to change the interface in /etc/default/knockd: KNOCKD_OPTS="-i wlan0". On RedHat, the file to modify is /etc/sysconfig/knockd and the syntax is OPTIONS="-i venet0:0".
Adjust the timing interval of the knocks. That matters on some server platforms.
Chain nat_reflection_fwd (1 references)
target prot opt source destination
ACCEPT tcp -- 192.168.40.0/24 192.168.40.29 tcp dpt:5060 /* wan */
ACCEPT udp -- 192.168.40.0/24 192.168.40.29 udp dpt:5060 /* wan */
ACCEPT tcp -- 192.168.40.0/24 192.168.40.29 tcp dpts:15001:20000 /* wan */
ACCEPT udp -- 192.168.40.0/24 192.168.40.29 udp dpts:15001:20000 /* wan */
ACCEPT tcp -- 192.168.40.0/24 192.168.40.29 tcp dpt:9689 /* wan */
ACCEPT udp -- 192.168.40.0/24 192.168.40.29 udp dpt:9689 /* wan */
ACCEPT tcp -- 192.168.40.0/24 192.168.40.29 tcp dpt:8190 /* wan */
ACCEPT udp -- 192.168.40.0/24 192.168.40.29 udp dpt:8190 /* wan */
ACCEPT tcp -- 192.168.40.0/24 192.168.40.29 tcp dpt:6815 /* wan */
ACCEPT udp -- 192.168.40.0/24 192.168.40.29 udp dpt:6815 /* wan */
Chain zone_wan_forward (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 192.168.40.29 tcp dpt:5060
ACCEPT udp -- 0.0.0.0/0 192.168.40.29 udp dpt:5060
ACCEPT tcp -- 0.0.0.0/0 192.168.40.29 tcp dpts:15001:20000
ACCEPT udp -- 0.0.0.0/0 192.168.40.29 udp dpts:15001:20000
ACCEPT tcp -- 0.0.0.0/0 192.168.40.29 tcp dpt:9689
ACCEPT udp -- 0.0.0.0/0 192.168.40.29 udp dpt:9689
ACCEPT tcp -- 0.0.0.0/0 192.168.40.29 tcp dpt:8190
ACCEPT udp -- 0.0.0.0/0 192.168.40.29 udp dpt:8190
ACCEPT tcp -- 0.0.0.0/0 192.168.40.29 tcp dpt:6815
ACCEPT udp -- 0.0.0.0/0 192.168.40.29 udp dpt:6815
[options]
logfile = /var/log/knockd.log
[opencloseALL]
sequence = 9689:udp,8190:udp,6815:udp
seq_timeout = 15
tcpflags = syn
start_command = /sbin/iptables -A INPUT -s %IP% -j ACCEPT
cmd_timeout = 3600
stop_command = /sbin/iptables -D INPUT -s %IP% -j ACCEPT
If I'm using my phone on Wi-Fi on my home network, the port knocking will work (i.e., it shows up in tcpdump).
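An added example, not part of the original post or of knockd itself: a Python audit that checks the knockd.conf above against the forward listing, confirming each knock port is forwarded with the matching protocol and flagging settings in the door that deserve a second look. The function names and finding texts are assumptions of this example, the sample inputs are copied from this page, and the listing is assumed to be the router's forwards toward the knockd host.

```python
import configparser
import re

# Constructed sample input copied from this page (knockd.conf, part of zone_wan_forward).
KNOCKD_CONF = """\
[options]
logfile = /var/log/knockd.log
[opencloseALL]
sequence = 9689:udp,8190:udp,6815:udp
seq_timeout = 15
tcpflags = syn
start_command = /sbin/iptables -A INPUT -s %IP% -j ACCEPT
cmd_timeout = 3600
stop_command = /sbin/iptables -D INPUT -s %IP% -j ACCEPT
"""
FORWARD_RULES = """\
ACCEPT udp -- 0.0.0.0/0 192.168.40.29 udp dpt:9689
ACCEPT udp -- 0.0.0.0/0 192.168.40.29 udp dpt:8190
ACCEPT udp -- 0.0.0.0/0 192.168.40.29 udp dpt:6815
"""

def parse_sequence(value):
    # "9689:udp,8190" -> [(9689, "udp"), (8190, "tcp")]; knockd defaults to tcp.
    parts = (item.strip().partition(":") for item in value.split(","))
    return [(int(port), proto.lower() or "tcp") for port, _, proto in parts]

def is_forwarded(rules, port, proto):
    # True if an ACCEPT rule for this protocol covers the port (dpt or dpts range).
    pat = r"^ACCEPT\s+(\w+)\s.*?dpts?:(\d+)(?::(\d+))?"
    return any(m[1] == proto and int(m[2]) <= port <= int(m[3] or m[2])
               for m in re.finditer(pat, rules, re.M))

def audit(conf_text, rules):
    cfg = configparser.ConfigParser(interpolation=None)  # keep %IP% literal
    cfg.read_string(conf_text)
    findings = []
    for door in (s for s in cfg.sections() if s.lower() != "options"):
        opts = cfg[door]
        knocks = parse_sequence(opts["sequence"])
        findings += [f"{door}: knock {p}/{proto} is not forwarded"
                     for p, proto in knocks if not is_forwarded(rules, p, proto)]
        if "tcpflags" in opts and all(proto == "udp" for _, proto in knocks):
            findings.append(f"{door}: tcpflags set, but no TCP knock to apply it to")
        start = opts.get("start_command", "")
        if "-j ACCEPT" in start and "--dport" not in start:
            findings.append(f"{door}: start_command opens every port to %IP%")
        if re.search(r"iptables\s+-A\s", start):
            findings.append(f"{door}: -A appends, so an earlier DROP/REJECT still wins")
    return findings
```

Calling audit(KNOCKD_CONF, FORWARD_RULES) returns three findings for the opencloseALL door and none about forwarding, since all three UDP knock ports appear in the listing.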