Firewall: what ports need to be open, what not?

ictdude

#1

I need some information so I can secure my Elastix box. I will use the Shorewall firewall to secure the server where Elastix is running. Is there a list of all known ports Elastix needs to operate? And also what function those ports have? Which UDP and TCP ports? I only like to open ports that are really needed to operate Elastix VoIP. Other remote functions and tools go over IPsec or PPTP. So I really like to secure the box. Who can give me the right info? B)

Guess this is the answer: http://www.voip-info.org/wiki/view/Asterisk+firewall+rules

:) :)

# SIP on UDP port 5060. Other SIP servers may need TCP port 5060 as well
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT

# IAX2- the IAX protocol
iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT

# IAX - most have switched to IAX v2, or ought to
iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT

# RTP - the media stream
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

# MGCP - if you use media gateway control protocol in your configuration
iptables -A INPUT -p udp -m udp --dport 2727 -j ACCEPT
 

danardf

#2
Really... do you use all these ports?

If you use SIP, you can open only:
UDP -> 5060 and
UDP -> 10000 to 20000

Do you really use the IAX2 and MGCP protocols?
 

haamed

#3
For SIP you should open 5061 too, on both TCP and UDP B)
 

danardf

#4
Why open TCP?
Asterisk doesn't use SIP over TCP (just for Asterisk 1.6.x).
In my case, I use only 5060 UDP, and that works fine.

I agree with you for 5061, but it's not the real SIP port.
After that, yes, you can use any port you want, for example 5070!
 

haamed

#5
You are right, Danard :)
 

ictdude

#6

kdacosta

#7
Thanks again for this info danardf!
 

jordanlcn

#8
About the RTP range I would also suggest lowering that a bit to something a lot less. That is still 10K ports open.

In theory the best way to secure is not to have open ports at all. But only trusted IP addresses.

Then if you have external/roaming phones use vpn.
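
The advice in this thread (SIP on UDP 5060 only, a smaller RTP range, trusted source addresses only) combined into one ruleset, as an added example that is not part of any post above. The function name `voip_rules`, the source addresses and the 10000:10100 range are constructed sample values; the script only prints the commands and does not apply them.

```shell
#!/bin/sh
# Added example: prints (does not apply) an INPUT ruleset for a SIP-only box.
# Usage: voip_rules RTP_START RTP_END TRUSTED_SOURCE...
# The RTP range must match rtpstart/rtpend in Asterisk's rtp.conf, otherwise
# media is sent on ports the firewall drops.
voip_rules() {
    if [ "$#" -lt 2 ]; then
        echo "usage: voip_rules RTP_START RTP_END SOURCE..." >&2; return 1
    fi
    rtp_start=$1
    rtp_end=$2
    shift 2
    # Reject non-numeric ports before doing integer comparisons on them.
    for p in "$rtp_start" "$rtp_end"; do
        case "$p" in
            ''|*[!0-9]*) echo "RTP port '$p' is not numeric" >&2; return 1 ;;
        esac
    done
    # Reject reversed or out-of-bounds ranges.
    if [ "$rtp_start" -lt 1024 ] || [ "$rtp_end" -gt 65535 ] ||
       [ "$rtp_start" -ge "$rtp_end" ]; then
        echo "bad RTP range $rtp_start:$rtp_end" >&2; return 1
    fi
    # Without a trusted source the rules would be open to everyone.
    if [ "$#" -eq 0 ]; then
        echo "no trusted sources given" >&2; return 1
    fi
    # Loopback and replies to connections the box itself started.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # SIP signalling and RTP media, only from the listed sources.
    for src in "$@"; do
        echo "iptables -A INPUT -s $src -p udp -m udp --dport 5060 -j ACCEPT"
        echo "iptables -A INPUT -s $src -p udp -m udp --dport $rtp_start:$rtp_end -j ACCEPT"
    done
    # Default policy goes last so the ACCEPT rules exist before anything is dropped.
    echo "iptables -P INPUT DROP"
}

# Constructed sample input: one phone and one office subnet (documentation ranges).
voip_rules 10000 10100 192.0.2.10 198.51.100.0/24
```

IAX2 (4569) and MGCP (2727) are left out on purpose; add them in the same form only if those protocols are actually in use.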
 
