[Freeswitch-users] NAT ACL and security

Victor Chukalovskiy Victor at isptelecom.net
Tue Aug 17 19:54:21 PDT 2010


Brian,

I understand that in treats everything as NAT.
But what are consequences apart from pinging them every minute?
I've looked into Wiki, but didn't see clear definition of "NAT behaviour"

Thank you,
Victor

On -10/01/37 02:59 PM, Brian West wrote:
> You're treating everything as if it were nat.... including public addresses...
>
> /b
>
> On Aug 16, 2010, at 2:20 PM, Victor Chukalovskiy wrote:
>
>    
>> I'm using
>> <param name=pply-nat-acl" value="my_nat"/>
>> <param name=at-options-ping" value="true"/>
>> in my SIP profile in order to make Freeswitch ping every phone registered to it.
>> This works well for keeping phones on remote LANs reachable.
>>
>> My_nat ACL is defined as following:
>>      <list name=y_nat" default="allow">
>>      </list>
>> That is, it allows everybody.
>>
>> Question: am I making my system insecure by doing so?
>> I believe "No" since ACL list "my_nat" is only used by appl-nat-acl parameter,
>> but I don't know FreeSWITCH well enough to grantee that nothing else is affected.
>> E.g. does anything else change if phone is considered NATed / non-NATed?
>>
>> Regards,
>> Victor
>>      
>
>
>    




More information about the FreeSWITCH-users mailing list