[Freeswitch-users] NAT ACL and security
Brian West
brian at freeswitch.org
Mon Aug 16 12:31:09 PDT 2010
You're treating everything as if it were nat.... including public addresses...
/b
On Aug 16, 2010, at 2:20 PM, Victor Chukalovskiy wrote:
> I'm using
> <param name="apply-nat-acl" value="my_nat"/>
> <param name="nat-options-ping" value="true"/>
> in my SIP profile in order to make Freeswitch ping every phone registered to it.
> This works well for keeping phones on remote LANs reachable.
>
> My_nat ACL is defined as following:
> <list name="my_nat" default="allow">
> </list>
> That is, it allows everybody.
>
> Question: am I making my system insecure by doing so?
> I believe "No" since ACL list "my_nat" is only used by appl-nat-acl parameter,
> but I don't know FreeSWITCH well enough to grantee that nothing else is affected.
> E.g. does anything else change if phone is considered NATed / non-NATed?
>
> Regards,
> Victor
More information about the FreeSWITCH-users
mailing list