[Freeswitch-users] Inbound calls without registering

Cal Leeming [Simplicity Media Ltd] cal.leeming at simplicitymedialtd.co.uk
Fri Jun 14 17:37:02 MSD 2013


There are hundreds, if not thousands, of ways your FS instance can become
compromised and vulnerable to toll fraud (or even remote execution,
depending on what you put in your config!).

I'd personally advice not leaving your 5080 open to the wide internet,
consider putting it behind a firewall and allow only your providers to
contact 5080, and if possible, block 5060 as well (if you know the
IPs/CIDRs your phones are connecting in from).  You can also use acl.conf
to manage these restrictions, but if you are knew to FS then it's very easy
to get this wrong.

Others may argue that using a firewall is overkill, and in some ways
complicates your deployment, but if you are new to FS then it's better to
be safe than sorry.

If you haven't done so already, start having a look though the FS wiki [1],
and the examples provided in the FS repo [2] [3].

Hope this helps!

Cal

[1] http://wiki.freeswitch.org/<http://wiki.freeswitch.org/wiki/Default_config>
[2] http://wiki.freeswitch.org/wiki/Default_config
[3] https://github.com/FreeSWITCH/FreeSWITCH/tree/master/conf/vanilla

On Fri, Jun 14, 2013 at 2:15 PM, Matt Broad <matt at inveroak.com> wrote:

> Hi,
>
> after taking a look it does seem that the calls are coming in on port 5060
> which uses the internal context.
>
> If I have the provider send the traffic to port 5080, does this mean I
> just need to set up a dialplan in the public folder? And if so is there
> anything I should be aware of in regards to security?
>
> thanks
> Matt
>
>
> On 14 June 2013 14:04, Matt Broad <matt at inveroak.com> wrote:
>
>> thanks for the quick response Avi.
>> I have set up a test account with the provider and have set a number to
>> be directed to me without authentication.
>>
>> I see the call coming in but get the output:
>>
>> [WARNING] sofia_reg.c:2503 Can't find user [trunk1 at ipaddress]
>> You must define a domain called 'ipaddress' in your directory and add a
>> user with the id="trunk1" attribute
>> and you must configure your device to use the proper domain in it's
>> authentication credentials.
>>
>> (trunk1 and ipaddress are masks for the actual values).
>>
>>
>> Thanks
>> Matt
>>
>>
>> On 14 June 2013 12:47, Avi Marcus <avi at avimarcus.net> wrote:
>>
>>> By default the external profile is on port 5080 --calls to that profile
>>> don't require authentication, and get sent to the public context.
>>>
>>> -Avi
>>> On Jun 14, 2013 2:12 PM, "Matt Broad" <matt at inveroak.com> wrote:
>>>
>>>>  Hi,
>>>>
>>>> I have a Freeswitch server up and running and am able to make and
>>>> receive calls via my VOIP provider.
>>>> I have it set up that my Freeswitch registers to the provider and then
>>>> I receive/make calls via that gateway.
>>>>
>>>> I now have a new provider that will be providing just inbound calls.
>>>>  They have informed me that I do not need to register with them they will
>>>> just send the calls to my IP address.
>>>> My question is how do I configure Freeswitch to allow calls from an IP
>>>> address? I assume I need to setup an external SIP profile, but does this
>>>> not require a username and password?
>>>>
>>>>
>>>> --
>>>> Thanks
>>>> Matt
>>>>
>>>> This email and any attachments to it are confidential and are intended
>>>> solely for the use of the individual to whom it is addressed. Any views or
>>>> opinions expressed are solely those of the author and do not necessarily
>>>> represent those of InverOak Limited.
>>>>
>>>> If you are not the intended recipient of this email, you must neither
>>>> take any action based upon its contents, nor copy or show it to anyone.
>>>> Please contact the sender if you believe you have received this email in
>>>> error.
>>>>
>>>> This email including any attachments cannot be guaranteed to be 100%
>>>> secure or error-free as information could be intercepted, corrupted, lost,
>>>> destroyed, out-dated, or containing viruses. The sender therefore does not
>>>> accept liability for any errors or omissions in the contents of this
>>>> message which arise as a result of email transmission.
>>>>
>>>> InverOak Limited is a company registered in England & Wales under
>>>> company number 04529594, whose registered address is Old Barn house, 2
>>>> Wannions Close, Botley, Chesham, Buckinghamshire, HP5 1YA, United Kingdom.
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> 
>>>> 
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://wiki.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>>
>> --
>> Thanks
>> Matt
>>
>> This email and any attachments to it are confidential and are intended
>> solely for the use of the individual to whom it is addressed. Any views or
>> opinions expressed are solely those of the author and do not necessarily
>> represent those of InverOak Limited.
>>
>> If you are not the intended recipient of this email, you must neither
>> take any action based upon its contents, nor copy or show it to anyone.
>> Please contact the sender if you believe you have received this email in
>> error.
>>
>> This email including any attachments cannot be guaranteed to be 100%
>> secure or error-free as information could be intercepted, corrupted, lost,
>> destroyed, out-dated, or containing viruses. The sender therefore does not
>> accept liability for any errors or omissions in the contents of this
>> message which arise as a result of email transmission.
>>
>> InverOak Limited is a company registered in England & Wales under company
>> number 04529594, whose registered address is Old Barn house, 2 Wannions
>> Close, Botley, Chesham, Buckinghamshire, HP5 1YA, United Kingdom.
>>
>
>
>
> --
> Thanks
> Matt
>
> This email and any attachments to it are confidential and are intended
> solely for the use of the individual to whom it is addressed. Any views or
> opinions expressed are solely those of the author and do not necessarily
> represent those of InverOak Limited.
>
> If you are not the intended recipient of this email, you must neither take
> any action based upon its contents, nor copy or show it to anyone. Please
> contact the sender if you believe you have received this email in error.
>
> This email including any attachments cannot be guaranteed to be 100%
> secure or error-free as information could be intercepted, corrupted, lost,
> destroyed, out-dated, or containing viruses. The sender therefore does not
> accept liability for any errors or omissions in the contents of this
> message which arise as a result of email transmission.
>
> InverOak Limited is a company registered in England & Wales under company
> number 04529594, whose registered address is Old Barn house, 2 Wannions
> Close, Botley, Chesham, Buckinghamshire, HP5 1YA, United Kingdom.
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130614/5ac5420a/attachment.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list