Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: please help to verify the simple firewall rules is ok for the call testing of my VOIP telephony syst
Special Forums Cybersecurity please help to verify the simple firewall rules is ok for the call testing of my VOIP telephony syst Post 302688631 by qiubosu on Sunday 19th of August 2012 09:09:58 PM
Old 08-19-2012
please help to verify the simple firewall rules is ok for the call testing of my VOIP telephony syst
Dear Sir,

I want to test the VOIP Telephony system installed in a IP PBX server behind a NAT router. This NAT router connects to a modem (with NAT as well), and then the modem (with static public IP assigned by the ISP, e.g. 219.45.67.80) directly connects to the Internet. There are several IP phones connect to the IP PBX server. The NAT router is configured as DHCP, and as a gateway (e.g. 192.168.3.1) also for the LAN (the NAT router, the IP PBX server and the IP phones consist this LAN). The IP PBX server and the IP phones all connect to the ports of the NAT router, and are with static local IP addresses (e.g. 192.168.3.10, 192.168.3.11, 192.168.3.12, 192.168.3.13 etc). This is the setup of the VOIP telephony system.

I want to make inbound and outbound VOIP phone calls to test the VOIP telephony system. For security, I need to setup the firewall in the IP PBX server (192.168.3.10). But to make it simple as a start (and make it more and more complicated when the simple one works), I plan to just add very simple rules to accept all the incoming and outgoing traffics between Internet and the IP PBX server (192.168.3.10), and forward all the traffic from this IP PBX server (192.168.3.10) to the IP phones (192.168.3.11, 192.168.3.12, 192.168.3.13). The purpose to make the firewall in the IP PBX server as simple as possible is to avoid the possibility that the inappropriate configuration of the IP PBX server firewall lead to the VOIP phone calls failed (there are other reasons could make the VOIP phone calls failed also, e.g. the inappropriate configuration of IP PBX server and the inappropriate of IP phones ......), then I can narrow down the root cause to make the VOIP phone calls failed.

Below is the simple firewall I want to setup in the IP PBX server, i.e. accept and incoming and outgoing traffics, and forward all traffics to IP phones, without specifying any source and destination IP addresses and ports. It is much appreciated if you can help to verify whether this simple firewall rules are ok for my purpose.

#!/bin/sh

# Wipe the tables clean
iptables -F

# INPUT SIDE
iptables -A INPUT -j ACCEPT

# Output side
iptables -A OUTPUT -j ACCEPT

# FORWARD SIDE
iptables -A FORWARD -j ACCEPT
 

8 More Discussions You Might Find Interesting

1. Post Here to Contact Site Administrators and Moderators

Simple rules of the UNIX.COM forums:

(1) No flames, shouting (all caps), sarcasm, bullying or arrogant posts. (2) No negative comments about others or unpolite remarks. Be patient. (3) Refrain from idle chatter that does not contribute to the knowledge base. (4) Do not 'bump up' questions if they are not answered... (0 Replies)
Discussion started by: Neo
0 Replies

2. UNIX for Advanced & Expert Users

Firewall - 2 Internet accesses - routing rules from source

Hello, I would like to modify my firewall configuration for being able to handle 2 internet connections in my Red zone. I would then like to configure some selecting routing rules depending on the internal source. Actual configuration: ===================== 1 router A (ISP)... (1 Reply)
Discussion started by: el70
1 Replies

3. Shell Programming and Scripting

Please verify the simple Shell code

Hi, i am trying to write script which will delete files(more than 90 days older) from different directories. Please check its ok if i implement it in SUN solaris10; One important thing i used here "exec" flag. I heard from someone- as i have lots of files "exec" flag may give error like too... (2 Replies)
Discussion started by: thepurple
2 Replies

4. UNIX for Dummies Questions & Answers

Create new simple System Call.

Hello to all! I am new with unix and i need your help to make something.. First of all i want to inform you that i am working under the Minix 3 OS. What i want to make is, a new system call in terms of the process manager. This system call should take an integer as a parameter (input) and... (1 Reply)
Discussion started by: kostis1904
1 Replies

5. Red Hat

Iptables/Firewall rules for multicast IP.

Hi Gurus, I need to add Multicast Port = xyz Multicast Address = 123.134.143 ( example) to my firewall rules. Can you please guide me with the lines I need to update my iptables files with. (0 Replies)
Discussion started by: rama krishna
0 Replies

6. UNIX for Dummies Questions & Answers

I have firewall rules to open ports, why telnet refuses connection?

Alright... this question comes from the fact that I'm trying to setup postfix to relay messages to Office 365 SMTP but its giving me connection refused... I read that if you have doubts if your port is open or not you should telnet to them so thats what I did. This is a Red Hat 6.3 box. My... (4 Replies)
Discussion started by: RedSpyder
4 Replies

7. UNIX for Beginners Questions & Answers

Simple rules of the UNIX.COM forums:

RULES OF THE UNIX AND LINUX FORUMS For the latest version of the community rules (the official community rules page), please visit here. No flames, shouting (all caps), sarcasm, bullying, profanity or arrogant posts. No negative comments about others or impolite remarks. Be patient. No... (1 Reply)
Discussion started by: Neo
1 Replies

8. Shell Programming and Scripting

Consolidate several lines of a CSV file with firewall rules, in order to parse them easier?

Consolidate several lines of a CSV file with firewall rules Hi guys. I have a CSV file, which I created using an HTML export from a Check Point firewall policy. Each rule is represented as several lines, in some cases. That occurs when a rule has several address sources, destinations or... (4 Replies)
Discussion started by: starriol
4 Replies

LEARN ABOUT FREEBSD

gre

GRE(4)							   BSD Kernel Interfaces Manual 						    GRE(4)

NAME

     gre -- encapsulating network device

SYNOPSIS

     To compile the driver into the kernel, place the following line in the kernel configuration file:

	   device gre

     Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5):

	   if_gre_load="YES"

DESCRIPTION

     The gre network interface pseudo device encapsulates datagrams into IP.  These encapsulated datagrams are routed to a destination host, where
     they are decapsulated and further routed to their final destination.  The ``tunnel'' appears to the inner datagrams as one hop.

     gre interfaces are dynamically created and destroyed with the ifconfig(8) create and destroy subcommands.

     This driver corresponds to RFC 2784.  Encapsulated datagrams are prepended an outer datagram and a GRE header.  The GRE header specifies the
     type of the encapsulated datagram and thus allows for tunneling other protocols than IP.  GRE mode is also the default tunnel mode on Cisco
     routers.  gre also supports Cisco WCCP protocol, both version 1 and version 2.

     The gre interfaces support a number of additional parameters to the ifconfig(8):

     grekey	  Set the GRE key used for outgoing packets.  A value of 0 disables the key option.

     enable_csum  Enables checksum calculation for outgoing packets.

     enable_seq   Enables use of sequence number field in the GRE header for outgoing packets.

EXAMPLES

     192.168.1.* --- Router A  -------tunnel-------- Router B --- 192.168.2.*
						       /
			 			      /
			  +------ the Internet ------+

     Assuming router A has the (external) IP address A and the internal address 192.168.1.1, while router B has external address B and internal
     address 192.168.2.1, the following commands will configure the tunnel:

     On router A:

	   ifconfig greN create
	   ifconfig greN inet 192.168.1.1 192.168.2.1
	   ifconfig greN inet tunnel A B
	   route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1

     On router B:

	   ifconfig greN create
	   ifconfig greN inet 192.168.2.1 192.168.1.1
	   ifconfig greN inet tunnel B A
	   route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1

NOTES

     The MTU of gre interfaces is set to 1476 by default, to match the value used by Cisco routers.  This may not be an optimal value, depending
     on the link between the two tunnel endpoints.  It can be adjusted via ifconfig(8).

     For correct operation, the gre device needs a route to the decapsulating host that does not run over the tunnel, as this would be a loop.

     The kernel must be set to forward datagrams by setting the net.inet.ip.forwarding sysctl(8) variable to non-zero.

SEE ALSO

     gif(4), inet(4), ip(4), me(4), netintro(4), protocols(5), ifconfig(8), sysctl(8)

     A description of GRE encapsulation can be found in RFC 2784 and RFC 2890.

AUTHORS

     Andrey V. Elsukov <ae@FreeBSD.org>
     Heiko W.Rupp <hwr@pilhuhn.de>

BUGS

     The current implementation uses the key only for outgoing packets.  Incoming packets with a different key or without a key will be treated as
     if they would belong to this interface.

     The sequence number field also used only for outgoing packets.

BSD
								 November 7, 2014							       BSD
All times are GMT -4. The time now is 11:20 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy