Iptables – Asterisk Firewall access Rules

Tags: asterisk, centos6, firewall, iptables

I have a question regarding the firewall rules for an Asterisk VoIP server.

I have restricted access to UDP/TCP port 5060, which seems to be blocking calls.

I want to make sure that my VoIP server is not hacked or misused. So, if anyone can let me know which ports need to be open to all, I would really appreciate it.

Any help on this is very helpful.

Right now, the Asterisk server has the following access control.

UDP/TCP port 5060, restrictive access.

UDP ports 10000:20000, global access for RTP media.

Thanks for all those who will contribute to the solution of this problem. I am very sure this will be useful to a lot of admins out there.

BTW, I have been referring to these links to solve some of the problem.

http://www.voip-info.org/wiki/view/Asterisk+firewall+rules

https://www.didww.com/Knowledgebase/sip_with_firewall_nat_using_asterisk/

Best Answer

The wiki post you referenced above is seriously misguided (and that's also why the author complains that he is still getting hacked). Manually managing an iptables list is the wrong approach - even worse, the author is simply limiting access to the SIP and RTP ports and looking for user agents (without restricting source IPs, connection rates, etc.). IPs change constantly, hackers change agent strings, etc. Unless you have only a few users with static IPs at home, only connect from home, etc., this approach is just wrong.

If your goal is security, take a look at some of the tools and techniques to secure your VoIP server here: Asterisk Security. A poorly configured PBX can leave you with a $50k bill after a weekend of toll calls from hackers.
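
The gap the answer points to (SIP ports accepted without a source restriction or a connection-rate limit) can be checked mechanically. The following is an added example, not part of the original question or answer: a Python audit over `iptables-save` output that flags ACCEPT rules naming port 5060 with neither a source match nor a rate-limiting module. The sample ruleset, function names and module lists are constructed for illustration, and numeric ports are assumed.

```python
import shlex

RATE_MODULES = {"limit", "hashlimit", "recent", "connlimit"}
SOURCE_MODULES = {"iprange", "set"}

# Constructed sample in iptables-save format; addresses are documentation ranges.
SAMPLE_RULES = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5060 -m hashlimit --hashlimit-upto 10/sec --hashlimit-burst 20 --hashlimit-mode srcip --hashlimit-name sip -j ACCEPT
-A INPUT -p udp -m multiport --dports 5060,5061 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -j DROP
"""

def covers_port(spec, port):
    """True if a numeric --dport/--dports value (n, a:b, or comma list) includes port."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo or 0)
        high = int(hi or 65535) if sep else low
        if low <= port <= high:
            return True
    return False

def audit(rules_text, port=5060):
    """Return (line_number, rule) for ACCEPT rules that name `port` in
    --dport/--dports and carry neither a source match nor a rate module."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        tok = shlex.split(line)
        if not tok or tok[0] != "-A" or "!" in tok:
            continue  # negated matches are not evaluated here
        pairs = list(zip(tok, tok[1:]))
        if ("-j", "ACCEPT") not in pairs:
            continue
        dports = [v for k, v in pairs if k in ("--dport", "--dports")]
        if not any(covers_port(d, port) for d in dports):
            continue
        modules = {v for k, v in pairs if k == "-m"}
        has_source = any(k in ("-s", "--source") for k in tok) or modules & SOURCE_MODULES
        has_rate = modules & RATE_MODULES
        if not has_source and not has_rate:
            findings.append((lineno, line))
    return findings

if __name__ == "__main__":
    for lineno, rule in audit(SAMPLE_RULES):
        print(f"line {lineno}: SIP open to any source with no rate limit: {rule}")
```

Calling `audit(text, port=15000)` applies the same check to the RTP range mentioned in the question.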